Windows Analysis Report
SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe

Overview

General Information

Sample name: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
Analysis ID: 1434901
MD5: 8a5ac55fce35d8a033ded9e56940152a
SHA1: 704b32b4695e9f591147e0a1b055fb15d66fc50d
SHA256: 753c54477705a387e4a0dee1f54529fa309172175cf22baea4dae67b0005c1dd
Tags: exe

Detection

RisePro Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected RisePro Stealer
Connects to many ports of the same IP (likely port scanning)
Contains functionality to inject threads in other processes
Found many strings related to Crypto-Wallets (likely being stolen)
Found stalling execution ending in API Sleep call
Hides threads from debuggers
PE file has nameless sections
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe (PID: 7412 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe" MD5: 8A5AC55FCE35D8A033DED9E56940152A)
    • schtasks.exe (PID: 7464 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 7516 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • MPGPH131.exe (PID: 7576 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 8A5AC55FCE35D8A033DED9E56940152A)
  • MPGPH131.exe (PID: 7588 cmdline: C:\ProgramData\MPGPH131\MPGPH131.exe MD5: 8A5AC55FCE35D8A033DED9E56940152A)
  • RageMP131.exe (PID: 7652 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 8A5AC55FCE35D8A033DED9E56940152A)
  • RageMP131.exe (PID: 8032 cmdline: "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe" MD5: 8A5AC55FCE35D8A033DED9E56940152A)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\QEGVANwj0k6bYEp2nEbzchm.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
0000000B.00000003.3434983200.0000000001897000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
0000000B.00000002.3570549317.0000000001898000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe PID: 7412 | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |

System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, ProcessId: 7412, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RageMP131
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
05/01/24-21:28:21.747237 | 2046269 | 49731 | 58709 | TCP | A Network Trojan was detected
05/01/24-21:28:07.401095 | 2046269 | 49740 | 58709 | TCP | A Network Trojan was detected
05/01/24-21:26:25.313213 | 2046267 | 58709 | 49730 | TCP | A Network Trojan was detected
05/01/24-21:25:22.952144 | 2046266 | 58709 | 49730 | TCP | A Network Trojan was detected
05/01/24-21:28:21.731238 | 2046269 | 49730 | 58709 | TCP | A Network Trojan was detected
05/01/24-21:25:22.787637 | 2049060 | 49730 | 58709 | TCP | A Network Trojan was detected
05/01/24-21:25:33.353823 | 2046266 | 58709 | 49733 | TCP | A Network Trojan was detected
05/01/24-21:26:25.907179 | 2046267 | 58709 | 49733 | TCP | A Network Trojan was detected
05/01/24-21:25:27.381179 | 2046266 | 58709 | 49732 | TCP | A Network Trojan was detected
05/01/24-21:25:27.359968 | 2046266 | 58709 | 49731 | TCP | A Network Trojan was detected
05/01/24-21:26:26.205307 | 2046267 | 58709 | 49740 | TCP | A Network Trojan was detected
05/01/24-21:25:43.854924 | 2046266 | 58709 | 49740 | TCP | A Network Trojan was detected
05/01/24-21:26:25.562531 | 2046267 | 58709 | 49731 | TCP | A Network Trojan was detected
05/01/24-21:26:25.578399 | 2046267 | 58709 | 49732 | TCP | A Network Trojan was detected
05/01/24-21:28:21.838617 | 2046269 | 49733 | 58709 | TCP | A Network Trojan was detected
05/01/24-21:28:21.779239 | 2046269 | 49732 | 58709 | TCP | A Network Trojan was detected

AV Detection

Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe | Avira: detected
Source: http://193.233.132.167/cost/lenin.exe | URL Reputation: Label: malware
Source: http://193.233.132.167/cost/go.exe | Avira URL Cloud: Label: malware
Source: http://193.233.132.167/cost/lenin.exe.exe | Avira URL Cloud: Label: phishing
Source: http://193.233.132.167/cost/go.exe.1 | Avira URL Cloud: Label: phishing
Source: http://147.45.47.102:57893/hera/amadka.exe | Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Avira: detection malicious, Label: HEUR/AGEN.1306558
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Avira: detection malicious, Label: HEUR/AGEN.1306558
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | ReversingLabs: Detection: 36%
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | ReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe | ReversingLabs: Detection: 36%
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49748 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe | Code function: 0_2_00E01F8C FindClose,FindFirstFileExW,GetLastError,0_2_00E01F8C
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 5_2_0126AD7B FindFirstFileA,5_2_0126AD7B
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 5_2_00981F8C FindClose,FindFirstFileExW,GetLastError,5_2_00981F8C
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_0126AD7B FindFirstFileA,6_2_0126AD7B
Source: C:\ProgramData\MPGPH131\MPGPH131.exe | Code function: 6_2_00981F8C FindClose,FindFirstFileExW,GetLastError,6_2_00981F8C
Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | Code function: 7_2_00621F8C FindClose,FindFirstFileExW,GetLastError,7_2_00621F8C

Networking

Source: Traffic | Snort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.4:49730 -> 147.45.47.93:58709
Source: Traffic | Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49730
Source: Traffic | Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49730 -> 147.45.47.93:58709
Source: Traffic | Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49731
Source: Traffic | Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49732
Source: Traffic | Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49731 -> 147.45.47.93:58709
Source: Traffic | Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49732 -> 147.45.47.93:58709
Source: Traffic | Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49733
Source: Traffic | Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49733 -> 147.45.47.93:58709
Source: Traffic | Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 147.45.47.93:58709 -> 192.168.2.4:49740
Source: Traffic | Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.4:49740 -> 147.45.47.93:58709
Source: Traffic | Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49730
Source: Traffic | Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49731
Source: Traffic | Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49732
Source: Traffic | Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49733
Source: Traffic | Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 147.45.47.93:58709 -> 192.168.2.4:49740
Source: global traffic | TCP traffic: 147.45.47.93 ports 0,5,7,8,58709,9
Source: global traffic | TCP traffic: 192.168.2.4:49730 -> 147.45.47.93:58709
Source: Joe Sandbox View | IP Address: 34.117.186.192 34.117.186.192
Source: Joe Sandbox View | IP Address: 147.45.47.93 147.45.47.93
Source: Joe Sandbox View | IP Address: 104.26.5.15 104.26.5.15
Source: Joe Sandbox View | ASN Name: FREE-NET-ASFREEnetEU FREE-NET-ASFREEnetEU
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: unknown | DNS query: name: ipinfo.io
Source: global traffic | HTTP traffic detected:
  GET /widget/demo/149.18.24.96 HTTP/1.1
  Connection: Keep-Alive
  Referer: https://ipinfo.io/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  Host: ipinfo.io
Source: global traffic | HTTP traffic detected:
  GET /demo/home.php?s=149.18.24.96 HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
  Host: db-ip.com
Source: unknown | TCP traffic detected without corresponding DNS query: 147.45.47.93
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe | Code function: 0_2_00E95940 recv,WSAStartup,getaddrinfo,closesocket,socket,connect,closesocket,FreeAddrInfoW,WSACleanup,FreeAddrInfoW,0_2_00E95940
Source: global traffic | DNS traffic detected: DNS query: ipinfo.io
Source: global traffic | DNS traffic detected: DNS query: db-ip.com
Source: RageMP131.exe, 00000007.00000002.3570083740.0000000001937000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera
Source: RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.ex
Source: RageMP131.exe, 00000007.00000002.3570083740.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://147.45.47.102:57893/hera/amadka.exe
Source: RageMP131.exe, 00000007.00000002.3570083740.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.167/cost/go.exe
Source: RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.167/cost/go.exe.1
Source: RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.167/cost/lenin.exe
Source: RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://193.233.132.167/cost/lenin.exe.exe
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.dr | String found in binary or memory: http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.dr | String found in binary or memory: http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.cr
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.dr | String found in binary or memory: http://pki-ocsp.symauth.com0
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3566559066.00000000005F1000.00000040.00000001.01000000.00000005.sdmp | String found in binary or memory: http://www.winimage.com/zLibDll
Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.dr | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.dr | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000003.2484291481.0000000000997000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568341169.000000000099A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3570587845.00000000017C6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.2578480549.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819405097.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2877100726.0000000001968000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/
Source: RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=149.18.24.96
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000003.2484291481.0000000000997000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568341169.000000000099A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=149.18.24.96L
Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com/demo/home.php?s=149.18.24.96omdW
Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.000000000095E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3569605772.000000000176B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819405097.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://db-ip.com:443/demo/home.php?s=149.18.24.96
Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: RageMP131.exe, 00000007.00000002.3569378412.00000000018DF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3569378412.000000000189E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2877100726.0000000001968000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3401026967.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3400228517.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.0000000001817000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.0000000001825000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399409021.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3402253621.000000000188A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2876513401.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937775107.0000000001889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/
              Source: MPGPH131.exe, 00000006.00000002.3569205726.00000000019D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/:Z
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.0000000000951000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3569605772.0000000001780000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.0000000001825000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/Mozilla/5.0
              Source: RageMP131.exe, 0000000B.00000002.3569384353.0000000001817000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ch
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3566559066.00000000005F1000.00000040.00000001.01000000.00000005.sdmpString found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.00000000008FB000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.00000000017D9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/j
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.0000000000918000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/u
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.000000000090A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3569605772.000000000173A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3569605772.0000000001780000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.00000000019E0000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3569378412.00000000018DA000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.0000000001825000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.00000000017E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/149.18.24.96
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.0000000000951000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/149.18.24.96;74
              Source: RageMP131.exe, 0000000B.00000002.3569384353.00000000017E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/149.18.24.96J
              Source: MPGPH131.exe, 00000006.00000002.3569205726.00000000019E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/widget/demo/149.18.24.96R
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.0000000000951000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3569605772.0000000001780000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001920000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io:443/widget/demo/149.18.24.96
              Source: RageMP131.exe, 0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io:443/widget/demo/149.18.24.96o
              Source: RageMP131.exe, 0000000B.00000003.3401026967.0000000001889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.microsoft.
              Source: RageMP131.exe, 0000000B.00000003.3401026967.0000000001889000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.microsoft..
              Source: 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://support.mozilla.org
              Source: 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
              Source: 6IHWoe8lbZ9DHistory.11.dr, D4_tggVjtkMeHistory.11.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: 6IHWoe8lbZ9DHistory.11.dr, D4_tggVjtkMeHistory.11.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: 6IHWoe8lbZ9DHistory.11.dr, D4_tggVjtkMeHistory.11.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: 6IHWoe8lbZ9DHistory.11.dr, D4_tggVjtkMeHistory.11.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: RageMP131.exe, 0000000B.00000002.3570549317.0000000001898000.00000004.00000020.00020000.00000000.sdmp, QEGVANwj0k6bYEp2nEbzchm.zip.11.drString found in binary or memory: https://t.me/RiseProSUPPORT
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.00000000008E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTAT
              Source: MPGPH131.exe, 00000006.00000002.3569205726.00000000019A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/RiseProSUPPORTKue
              Source: MPGPH131.exe, 00000005.00000002.3570587845.00000000017C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro
              Source: MPGPH131.exe, 00000006.00000002.3569205726.0000000001A32000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/riseproAD
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399409021.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3402253621.000000000188A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2876552455.0000000001896000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2876513401.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3403590192.0000000001912000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3434983200.0000000001897000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3570549317.0000000001898000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937775107.0000000001889000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.11.drString found in binary or memory: https://t.me/risepro_bot
              Source: RageMP131.exe, 00000007.00000003.2876833828.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2877100726.0000000001968000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot)f
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot.961740
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot/M1
              Source: MPGPH131.exe, 00000005.00000002.3570587845.00000000017C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_bot:g
              Source: RageMP131.exe, 00000007.00000003.2876833828.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2877100726.0000000001968000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/risepro_botlaterH
              Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drString found in binary or memory: https://www.ecosia.org/newtab/
              Source: RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: MPGPH131.exe, RageMP131.exeString found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
              Source: 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://www.mozilla.org
              Source: 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
              Source: RageMP131.exe, 0000000B.00000003.2937775107.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3401026967.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399409021.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3402253621.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2938107196.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3434983200.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2938399876.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, D87fZN3R3jFeplaces.sqlite.11.dr, 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/dat
              Source: RageMP131.exe, 0000000B.00000003.2937775107.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3401026967.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399409021.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3402253621.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2938107196.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3434983200.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2938399876.00000000018E5000.00000004.00000020.00020000.00000000.sdmp, D87fZN3R3jFeplaces.sqlite.11.dr, 3b6N2Xdh3CYwplaces.sqlite.11.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/refox
              Source: unknown HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49744 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49742 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49745 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.4:49746 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49749 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49747 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49750 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49748 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 104.26.5.15:443 -> 192.168.2.4:49751 version: TLS 1.2

              System Summary

              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: section name:
              Source: RageMP131.exe.0.dr Static PE information: section name:
              Source: MPGPH131.exe.0.dr Static PE information: section name:
              Source: Joe Sandbox View Dropped File: C:\ProgramData\MPGPH131\MPGPH131.exe 753C54477705A387E4A0DEE1F54529FA309172175CF22BAEA4DAE67B0005C1DD
              Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe 753C54477705A387E4A0DEE1F54529FA309172175CF22BAEA4DAE67B0005C1DD
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: String function: 00984370 appears 48 times
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569345905.0000000000F74000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Binary or memory string: OriginalFilenameCrossDeviceSettingsHost.exeX vs SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: Section: ZLIB complexity 0.9997519048380221
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: Section: ZLIB complexity 0.9934290213178295
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: Section: ZLIB complexity 0.99267578125
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: Section: ZLIB complexity 1.0006510416666667
              Source: RageMP131.exe.0.dr Static PE information: Section: ZLIB complexity 0.9997519048380221
              Source: RageMP131.exe.0.dr Static PE information: Section: ZLIB complexity 0.9934290213178295
              Source: RageMP131.exe.0.dr Static PE information: Section: ZLIB complexity 0.99267578125
              Source: RageMP131.exe.0.dr Static PE information: Section: ZLIB complexity 1.0006510416666667
              Source: MPGPH131.exe.0.dr Static PE information: Section: ZLIB complexity 0.9997519048380221
              Source: MPGPH131.exe.0.dr Static PE information: Section: ZLIB complexity 0.9934290213178295
              Source: MPGPH131.exe.0.dr Static PE information: Section: ZLIB complexity 0.99267578125
              Source: MPGPH131.exe.0.dr Static PE information: Section: ZLIB complexity 1.0006510416666667
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@11/26@2/3
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exeFile created: C:\Users\user\AppData\Local\RageMP131Jump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7472:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7524:120:WilError_03
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exeFile created: C:\Users\user\AppData\Local\Temp\rage131MP.tmpJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3566559066.00000000005F1000.00000040.00000001.01000000.00000005.sdmp Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3566559066.00000000005F1000.00000040.00000001.01000000.00000005.sdmp Binary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
              Source: zMQYNC4o8CfOLogin Data For Account.11.dr, VuhoTc5LnxleLogin Data.11.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe ReversingLabs: Detection: 36%
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
              Source: MPGPH131.exe String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
              Source: RageMP131.exe String found in binary or memory: https://www.maxmind.com/en/locate-my-ip-address
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
              Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe"
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
              Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
              Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknown Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
              Source: unknown Process created: C:\ProgramData\MPGPH131\MPGPH131.exe C:\ProgramData\MPGPH131\MPGPH131.exe
              Source: unknown Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
              Source: unknown Process created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe "C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static file information: File size 3181568 > 1048576
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: Raw size of .data is bigger than: 0x100000 < 0x221c00

              Data Obfuscation

              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Unpacked PE file: 0.2.SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe.dd0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Unpacked PE file: 5.2.MPGPH131.exe.950000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Unpacked PE file: 6.2.MPGPH131.exe.950000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Unpacked PE file: 7.2.RageMP131.exe.5f0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Unpacked PE file: 11.2.RageMP131.exe.5f0000.0.unpack Unknown_Section0:EW;Unknown_Section1:EW;Unknown_Section2:EW;Unknown_Section3:EW;Unknown_Section4:EW;.rsrc:R;Unknown_Section6:EW;.data:EW; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:W;Unknown_Section3:R;Unknown_Section4:R;.rsrc:R;Unknown_Section6:EW;.data:EW;
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_00E9C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_00E9C630
              Source: initial sample Static PE information: section where entry point is pointing to: .data
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: section name:
              Source: RageMP131.exe.0.dr Static PE information: section name:
              Source: MPGPH131.exe.0.dr Static PE information: section name:
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_00E03F49 push ecx; ret 0_2_00E03F5C
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: section name: entropy: 7.999649688016574
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: section name: entropy: 7.99052780466811
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: section name: entropy: 7.820875432384983
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Static PE information: section name: entropy: 7.992787647902555
              Source: RageMP131.exe.0.dr Static PE information: section name: entropy: 7.999649688016574
              Source: RageMP131.exe.0.dr Static PE information: section name: entropy: 7.99052780466811
              Source: RageMP131.exe.0.dr Static PE information: section name: entropy: 7.820875432384983
              Source: RageMP131.exe.0.dr Static PE information: section name: entropy: 7.992787647902555
              Source: MPGPH131.exe.0.dr Static PE information: section name: entropy: 7.999649688016574
              Source: MPGPH131.exe.0.dr Static PE information: section name: entropy: 7.99052780466811
              Source: MPGPH131.exe.0.dr Static PE information: section name: entropy: 7.820875432384983
              Source: MPGPH131.exe.0.dr Static PE information: section name: entropy: 7.992787647902555
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe File created: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe File created: C:\ProgramData\MPGPH131\MPGPH131.exe

              Boot Survival

              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RageMP131

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Stalling execution: Execution stalls by calling Sleep (graph_0-15461)
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Stalling execution: Execution stalls by calling Sleep (graph_5-15308)
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Stalling execution: Execution stalls by calling Sleep
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Window / User API: threadDelayed 666
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Window / User API: threadDelayed 839
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Window / User API: threadDelayed 654
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Window / User API: threadDelayed 395
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Window / User API: threadDelayed 4650
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 2228
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 6883
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 8049
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Window / User API: threadDelayed 1009
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window / User API: threadDelayed 4744
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window / User API: threadDelayed 4362
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window / User API: threadDelayed 4997
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Window / User API: threadDelayed 4073
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) (graph_0-15849)
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) (graph_5-15320)
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes (graph_5-17806)
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes (graph_0-17771)
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7416 Thread sleep count: 666 > 30
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7428 Thread sleep count: 839 > 30
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7428 Thread sleep time: -839000s >= -30000s
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7432 Thread sleep count: 654 > 30
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7432 Thread sleep time: -654000s >= -30000s
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7416 Thread sleep count: 395 > 30
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7416 Thread sleep time: -39895s >= -30000s
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7428 Thread sleep count: 4650 > 30
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe TID: 7428 Thread sleep time: -4650000s >= -30000s
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7608 Thread sleep count: 2228 > 30
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7608 Thread sleep time: -2228000s >= -30000s
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7616 Thread sleep count: 6883 > 30
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7616 Thread sleep time: -6883000s >= -30000s
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7580 Thread sleep count: 32 > 30
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7580 Thread sleep count: 342 > 30
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7580 Thread sleep time: -34542s >= -30000s
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7592 Thread sleep count: 71 > 30
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7612 Thread sleep count: 8049 > 30
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7612 Thread sleep time: -8049000s >= -30000s
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7620 Thread sleep count: 1009 > 30
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7620 Thread sleep time: -1009000s >= -30000s
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7592 Thread sleep count: 338 > 30
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe TID: 7592 Thread sleep time: -34138s >= -30000s
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7668 Thread sleep count: 4744 > 30
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7668 Thread sleep time: -4744000s >= -30000s
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7680 Thread sleep count: 4362 > 30
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7680 Thread sleep time: -4362000s >= -30000s
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7656 Thread sleep count: 326 > 30
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7656 Thread sleep time: -32926s >= -30000s
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 7656 Thread sleep count: 34 > 30
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8036 Thread sleep count: 66 > 30
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8048 Thread sleep count: 4997 > 30
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8048 Thread sleep time: -4997000s >= -30000s
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8056 Thread sleep count: 4073 > 30
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8056 Thread sleep time: -4073000s >= -30000s
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8036 Thread sleep count: 257 > 30
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe TID: 8036 Thread sleep count: 71 > 30
              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_00E01F8C FindClose,FindFirstFileExW,GetLastError,0_2_00E01F8C
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 5_2_0126AD7B FindFirstFileA,5_2_0126AD7B
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 5_2_00981F8C FindClose,FindFirstFileExW,GetLastError,5_2_00981F8C
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0126AD7B FindFirstFileA,6_2_0126AD7B
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00981F8C FindClose,FindFirstFileExW,GetLastError,6_2_00981F8C
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: 7_2_00621F8C FindClose,FindFirstFileExW,GetLastError,7_2_00621F8C
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 3Windows 2012 Server Standard without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 11 Essential Server Solutions without Hyper-V
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: #Windows 10 Microsoft Hyper-V Server
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8.1 Microsoft Hyper-V Server
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2012 Server Standard without Hyper-V
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8 Microsoft Hyper-V Server
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 3Windows 11 Server Enterprise without Hyper-V (full)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 5Windows 2012 Server Datacenter without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 3Windows 2016 Server Standard without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8.1 Server Standard without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 3Windows 11 Server Enterprise without Hyper-V (core)
              Source: RageMP131.exe, 00000007.00000003.1848014512.000000000190C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}<*
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: (Windows 2012 R2 Microsoft Hyper-V Server
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 11 Microsoft Hyper-V Server
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 6Windows 2012 R2 Server Standard without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2012 R2 Server Standard without Hyper-V
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.000000000092B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(K
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8 Server Datacenter without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 10 Server Datacenter without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 0Windows 8 Server Standard without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 5Windows 2012 Server Enterprise without Hyper-V (full)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 3Windows 10 Server Enterprise without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 3Windows 11 Server Datacenter without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 7Windows 2016 Essential Server Solutions without Hyper-V
              Source: RageMP131.exe, 0000000B.00000003.3403207278.00000000018F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}es=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: +Windows 8.1 Server Standard without Hyper-V
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2016 Server Standard without Hyper-V
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 3Windows 10 Server Datacenter without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 11 Server Enterprise without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 11 Server Datacenter without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (full)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 5Windows 2016 Server Enterprise without Hyper-V (full)
              Source: RageMP131.exe, 0000000B.00000003.1952701329.0000000001817000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: #disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}zv
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 2Windows 8 Server Datacenter without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 10 Server Enterprise without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 10 Server Datacenter without Hyper-V (full)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: :Windows 2012 R2 Essential Server Solutions without Hyper-V
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 5Windows 11 Essential Server Solutions without Hyper-V
              Source: RageMP131.exe, 00000007.00000002.3569378412.000000000189E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000G3
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2016 Server Standard without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8 Server Standard without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 5Windows 10 Essential Server Solutions without Hyper-V
              Source: RageMP131.exe, 0000000B.00000003.3403207278.00000000018F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000OfXwz2dz94dW9CO9/LCNFUZVGp7azu92pjOcuOzuJebb54RCki
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 8Windows 2012 R2 Server Enterprise without Hyper-V (core)
              Source: RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: xVBoxService.exe
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2012 Server Datacenter without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 3Windows 10 Server Enterprise without Hyper-V (full)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8.1 Server Enterprise without Hyper-V (full)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8 Server Enterprise without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: *Windows 11 Server Standard without Hyper-V
              Source: MPGPH131.exe, 00000006.00000003.2819405097.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A32000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW,
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2012 R2 Essential Server Solutions without Hyper-V
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: ,Windows 2016 Server Standard without Hyper-V
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2012 Server Standard without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8.1 Server Datacenter without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8 Server Datacenter without Hyper-V (full)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2016 Server Datacenter without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2016 Server Enterprise without Hyper-V (full)
              Source: RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: VBoxService.exe
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 8.1 Server Standard without Hyper-V
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: *Windows 10 Server Standard without Hyper-V
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 1Windows 11 Server Standard without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 1Windows 10 Server Standard without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2012 Server Enterprise without Hyper-V (full)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 2012 Server Datacenter without Hyper-V (full)
              Source: RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: VMWare
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: 4Windows 8.1 Server Enterprise without Hyper-V (core)
              Source: MPGPH131.exe, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmpBinary or memory string: Windows 10 Server Enterprise without Hyper-V (full)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmp Binary or memory string: 2Windows 8.1 Server Standard without Hyper-V (core)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmp Binary or memory string: 2Windows 8 Server Datacenter without Hyper-V (full)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmp Binary or memory string: 4Windows 8.1 Server Datacenter without Hyper-V (core)
              Source: RageMP131.exe, 0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmp Binary or memory string: 2Windows 8 Server Enterprise without Hyper-V (full)
              Source: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3567534748.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3567207263.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3567200602.0000000000797000.00000040.00000001.01000000.00000005.sdmp Binary or memory string: #Windows 11 Microsoft Hyper-V Server
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Process information queried: ProcessInformation

              Anti Debugging

              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Thread information set: HideFromDebugger
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Thread information set: HideFromDebugger
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Thread information set: HideFromDebugger
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_00E08A54 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E08A54
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_00E9C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_00E9C630
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_00E0450D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E0450D
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 5_2_00988A54 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00988A54
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 5_2_0098450D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_0098450D
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00988A54 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00988A54
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_0098450D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_0098450D
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: 7_2_00628A54 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,7_2_00628A54
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: 7_2_0062450D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,7_2_0062450D

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_00E9C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,0_2_00E9C630
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 5_2_00A1C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,5_2_00A1C630
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: 6_2_00A1C630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,6_2_00A1C630
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: 7_2_006BC630 VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,VirtualAllocEx,LoadLibraryA,GetProcAddress,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,7_2_006BC630
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: EnumSystemLocalesW,0_2_00E1B1A3
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: GetLocaleInfoW,0_2_00E231B8
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00E232E1
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: GetLocaleInfoW,0_2_00E233E7
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00E22B48
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00E234BD
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: EnumSystemLocalesW,0_2_00E22DF4
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: GetLocaleInfoW,0_2_00E22D4D
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: EnumSystemLocalesW,0_2_00E22EDA
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: EnumSystemLocalesW,0_2_00E22E3F
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00E22F65
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: GetLocaleInfoW,0_2_00E1B726
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,5_2_009A31B8
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: EnumSystemLocalesW,5_2_0099B1A3
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_009A32E1
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,5_2_009A33E7
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW,5_2_009A2B48
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_009A34BD
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoA,5_2_0126AD69
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: EnumSystemLocalesW,5_2_009A2DF4
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,5_2_009A2D4D
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: EnumSystemLocalesW,5_2_009A2EDA
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: EnumSystemLocalesW,5_2_009A2E3F
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,5_2_0099B726
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_009A2F65
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,6_2_009A31B8
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: EnumSystemLocalesW,6_2_0099B1A3
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,6_2_009A32E1
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,6_2_009A33E7
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW,6_2_009A2B48
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,6_2_009A34BD
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoA,6_2_0126AD69
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: EnumSystemLocalesW,6_2_009A2DF4
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,6_2_009A2D4D
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: EnumSystemLocalesW,6_2_009A2EDA
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: EnumSystemLocalesW,6_2_009A2E3F
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,6_2_0099B726
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,6_2_009A2F65
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: EnumSystemLocalesW,7_2_0063B1A3
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: GetLocaleInfoW,7_2_006431B8
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,7_2_006432E1
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW,7_2_00642B48
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: GetLocaleInfoW,7_2_006433E7
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,7_2_006434BD
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: GetLocaleInfoW,7_2_00642D4D
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: EnumSystemLocalesW,7_2_00642DF4
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: EnumSystemLocalesW,7_2_00642E3F
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: EnumSystemLocalesW,7_2_00642EDA
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,7_2_00642F65
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Code function: GetLocaleInfoW,7_2_0063B726
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Queries volume information: C:\ VolumeInformation
              Source: C:\ProgramData\MPGPH131\MPGPH131.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_00E0360D GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime,GetSystemTimeAsFileTime,0_2_00E0360D
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Code function: 0_2_7EF71E20 GetUserNameA,0_2_7EF71E20
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara match File source: 0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 0000000B.00000003.3434983200.0000000001897000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 0000000B.00000002.3570549317.0000000001898000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe PID: 7412, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 7576, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 7588, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 7652, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 8032, type: MEMORYSTR
              Source: Yara match File source: C:\Users\user\AppData\Local\Temp\QEGVANwj0k6bYEp2nEbzchm.zip, type: DROPPED
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\walletsw
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Jaxx\Local Storage*
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\wallets[
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets*
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\MultiDoge\multidoge.wallet*
              Source: RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\places.sqlite
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\signons.sqlite
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\formhistory.sqlite
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\signons.sqlite
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default\logins.json
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
              Source: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: Yara match File source: 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 8032, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match File source: 0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 0000000B.00000003.3434983200.0000000001897000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 0000000B.00000002.3570549317.0000000001898000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe PID: 7412, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 7576, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: MPGPH131.exe PID: 7588, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 7652, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: RageMP131.exe PID: 8032, type: MEMORYSTR
              Source: Yara match File source: C:\Users\user\AppData\Local\Temp\QEGVANwj0k6bYEp2nEbzchm.zip, type: DROPPED
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 11 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 12 Software Packing | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | NTDS | 34 System Information Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 221 Security Software Discovery | SSH | Keylogging | 13 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Virtualization/Sandbox Evasion | Cached Domain Credentials | 12 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Process Injection | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
              IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Behavior Graph
ID: 1434901 | Sample: SecuriteInfo.com.Win32.PWSX... | Startdate: 01/05/2024 | Architecture: WINDOWS | Score: 100

Top level
• DNS/IP: ipinfo.io; db-ip.com
• Signatures: Snort IDS alert for network traffic; Antivirus detection for URL or domain; Antivirus / Scanner detection for submitted sample; 4 other signatures
• Processes started: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe; RageMP131.exe; MPGPH131.exe; 2 other processes

SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
• DNS/IP: 147.45.47.93, 49730, 49731, 49732, FREE-NET-ASFREEnetEU, Russian Federation
• DNS/IP: ipinfo.io, 34.117.186.192, 443, 49742, 49743, GOOGLE-AS-APGoogleAsiaPacificPteLtdSG, United States
• DNS/IP: db-ip.com, 104.26.5.15, 443, 49747, 49748, CLOUDFLARENETUS, United States
• Dropped: C:\Users\user\AppData\Local\...\RageMP131.exe, PE32
• Dropped: C:\ProgramData\MPGPH131\MPGPH131.exe, PE32
• Signatures: Detected unpacking (changes PE section rights); Found stalling execution ending in API Sleep call; Contains functionality to inject threads in other processes; Uses schtasks.exe or at.exe to add and modify task schedules
• Processes started: schtasks.exe (which started conhost.exe); schtasks.exe (which started conhost.exe)

RageMP131.exe
• Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Hides threads from debuggers

2 other processes
• Dropped: C:\Users\user\...\QEGVANwj0k6bYEp2nEbzchm.zip, Zip
• Signatures: Tries to steal Mail credentials (via file / registry access); Found many strings related to Crypto-Wallets (likely being stolen); Tries to harvest and steal browser information (history, passwords, etc)

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe | 37% | ReversingLabs | Win32.Trojan.Generic
SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe | 100% | Avira | HEUR/AGEN.1306558

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 100% | Avira | HEUR/AGEN.1306558
C:\ProgramData\MPGPH131\MPGPH131.exe | 100% | Avira | HEUR/AGEN.1306558
C:\ProgramData\MPGPH131\MPGPH131.exe | 37% | ReversingLabs | Win32.Trojan.Generic
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | 37% | ReversingLabs | Win32.Trojan.Generic

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
https://support.microsoft.. | 0% | URL Reputation | safe
http://193.233.132.167/cost/lenin.exe | 100% | URL Reputation | malware
https://support.microsoft. | 0% | URL Reputation | safe
http://pki-ocsp.symauth.com0 | 0% | URL Reputation | safe
http://147.45.47.102:57893/hera/amadka.ex | 0% | Avira URL Cloud | safe
http://193.233.132.167/cost/go.exe | 100% | Avira URL Cloud | malware
http://193.233.132.167/cost/lenin.exe.exe | 100% | Avira URL Cloud | phishing
http://193.233.132.167/cost/go.exe.1 | 100% | Avira URL Cloud | phishing
http://147.45.47.102:57893/hera/amadka.exe | 100% | Avira URL Cloud | malware
http://147.45.47.102:57893/hera | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipinfo.io | 34.117.186.192 | true | false | | high
db-ip.com | 104.26.5.15 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://db-ip.com/demo/home.php?s=149.18.24.96 | false | | high
https://ipinfo.io/widget/demo/149.18.24.96 | false | | high
                      NameSourceMaliciousAntivirus DetectionReputation
                      https://duckduckgo.com/chrome_newtabRageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drfalse
                        high
                        https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF3b6N2Xdh3CYwplaces.sqlite.11.drfalse
                          high
                          https://ipinfo.io:443/widget/demo/149.18.24.96SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.0000000000951000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3569605772.0000000001780000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001920000.00000004.00000020.00020000.00000000.sdmpfalse
                            high
                            https://duckduckgo.com/ac/?q=RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drfalse
                              high
                              https://ipinfo.io/:ZMPGPH131.exe, 00000006.00000002.3569205726.00000000019D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                http://193.233.132.167/cost/lenin.exe.exeRageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: phishing
                                unknown
                                http://147.45.47.102:57893/hera/amadka.exeRageMP131.exe, 00000007.00000002.3570083740.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                http://pki-crl.symauth.com/ca_732b6ec148d290c0a071efd1dac8e288/LatestCRL.crl07SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.drfalse
                                  high
                                  https://db-ip.com/SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000003.2484291481.0000000000997000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568341169.000000000099A000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3570587845.00000000017C6000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000003.2578480549.00000000017C3000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819405097.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2877100726.0000000001968000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    https://t.me/riseproADMPGPH131.exe, 00000006.00000002.3569205726.0000000001A32000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      http://147.45.47.102:57893/hera/amadka.exRageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://pki-crl.symauth.com/offlineca/TheInstituteofElectricalandElectronicsEngineersIncIEEERootCA.crSecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.drfalse
                                        high
                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drfalse
                                          high
                                          https://ipinfo.io/widget/demo/149.18.24.96RMPGPH131.exe, 00000006.00000002.3569205726.00000000019E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e176IHWoe8lbZ9DHistory.11.dr, D4_tggVjtkMeHistory.11.drfalse
                                              high
                                              https://t.me/riseproMPGPH131.exe, 00000005.00000002.3570587845.00000000017C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://support.microsoft..RageMP131.exe, 0000000B.00000003.3401026967.0000000001889000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                low
                                                http://193.233.132.167/cost/go.exe.1RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: phishing
                                                unknown
                                                https://ipinfo.io/widget/demo/149.18.24.96JRageMP131.exe, 0000000B.00000002.3569384353.00000000017E2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  http://193.233.132.167/cost/go.exeRageMP131.exe, 00000007.00000002.3570083740.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  unknown
                                                  https://db-ip.com/demo/home.php?s=149.18.24.96omdWRageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://ipinfo.io/widget/demo/149.18.24.96;74SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.0000000000951000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install6IHWoe8lbZ9DHistory.11.dr, D4_tggVjtkMeHistory.11.drfalse
                                                        high
                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchRageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drfalse
                                                          high
                                                          https://ipinfo.io/uSecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.0000000000918000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            https://ipinfo.io/jSecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.00000000008FB000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.00000000017D9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              http://193.233.132.167/cost/lenin.exeRageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmptrue
                                                              • URL Reputation: malware
                                                              unknown
                                                              https://t.me/risepro_bot:gMPGPH131.exe, 00000005.00000002.3570587845.00000000017C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://ipinfo.io/chRageMP131.exe, 0000000B.00000002.3569384353.0000000001817000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://t.me/risepro_bot.961740RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://t.me/risepro_botlaterHRageMP131.exe, 00000007.00000003.2876833828.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2877100726.0000000001968000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://t.me/risepro_bot)fRageMP131.exe, 00000007.00000003.2876833828.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2877100726.0000000001968000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoRageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drfalse
                                                                          high
                                                                          https://ipinfo.io:443/widget/demo/149.18.24.96oRageMP131.exe, 0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://support.microsoft.RageMP131.exe, 0000000B.00000003.3401026967.0000000001889000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://t.me/RiseProSUPPORTATSecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.00000000008E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dllSecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3566559066.00000000005F1000.00000040.00000001.01000000.00000005.sdmpfalse
                                                                                high
                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drfalse
                                                                                  high
                                                                                  https://t.me/RiseProSUPPORTRageMP131.exe, 0000000B.00000002.3570549317.0000000001898000.00000004.00000020.00020000.00000000.sdmp, QEGVANwj0k6bYEp2nEbzchm.zip.11.drfalse
                                                                                    high
                                                                                    https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK20166IHWoe8lbZ9DHistory.11.dr, D4_tggVjtkMeHistory.11.drfalse
                                                                                      high
                                                                                      https://www.ecosia.org/newtab/RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drfalse
                                                                                        high
                                                                                        https://ipinfo.io/Mozilla/5.0SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.0000000000951000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3569605772.0000000001780000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A25000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.0000000001825000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br3b6N2Xdh3CYwplaces.sqlite.11.drfalse
                                                                                            high
                                                                                            https://ac.ecosia.org/autocomplete?q=RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.drfalse
                                                                                              high
                                                                                              https://t.me/risepro_botRageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399409021.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3402253621.000000000188A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2876552455.0000000001896000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2876513401.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3403590192.0000000001912000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3434983200.0000000001897000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3570549317.0000000001898000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937775107.0000000001889000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.11.drfalse
                                                                                                high
                                                                                                https://t.me/risepro_bot/M1RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://db-ip.com/demo/home.php?s=149.18.24.96LSecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000003.2484291481.0000000000997000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568341169.000000000099A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://ipinfo.io/RageMP131.exe, 00000007.00000002.3569378412.00000000018DF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3569378412.000000000189E000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2877100726.0000000001968000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001920000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570293007.000000000196A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3401026967.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3400228517.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.0000000001817000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.0000000001825000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399409021.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3402253621.000000000188A000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2876513401.0000000001889000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937775107.0000000001889000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://pki-ocsp.symauth.com0SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, RageMP131.exe.0.dr, MPGPH131.exe.0.drfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://www.maxmind.com/en/locate-my-ip-addressMPGPH131.exe, RageMP131.exefalse
                                                                                                        high
                                                                                                        http://147.45.47.102:57893/heraRageMP131.exe, 00000007.00000002.3570083740.0000000001937000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: safe
                                                                                                        unknown
https://db-ip.com:443/demo/home.php?s=149.18.24.96 | SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3567222983.000000000095E000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000005.00000002.3569605772.000000000176B000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819405097.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000003.2819215520.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, MPGPH131.exe, 00000006.00000002.3569205726.0000000001A32000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876833828.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000002.3570083740.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 00000007.00000003.2876465106.0000000001937000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmp | false | high
http://www.winimage.com/zLibDll | SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe, 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, MPGPH131.exe, 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, MPGPH131.exe, 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, RageMP131.exe, 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, RageMP131.exe, 0000000B.00000002.3566559066.00000000005F1000.00000040.00000001.01000000.00000005.sdmp | false | high
https://support.mozilla.org | 3b6N2Xdh3CYwplaces.sqlite.11.dr | false | high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | 6IHWoe8lbZ9DHistory.11.dr, D4_tggVjtkMeHistory.11.dr | false | high
https://t.me/RiseProSUPPORTKue | MPGPH131.exe, 00000006.00000002.3569205726.00000000019A7000.00000004.00000020.00020000.00000000.sdmp | false | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | RageMP131.exe, 0000000B.00000003.2936742863.00000000018FF000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.3399692582.000000000192B000.00000004.00000020.00020000.00000000.sdmp, RageMP131.exe, 0000000B.00000003.2937402794.000000000192E000.00000004.00000020.00020000.00000000.sdmp, yQm3EH6MY0Q2Web Data.11.dr, fcfJXGhjOs0_Web Data.11.dr, G_ExU1umMCApWeb Data.11.dr | false | high
IP | Domain | Country | ASN | ASN Name | Malicious
34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
147.45.47.93 | unknown | Russian Federation | 2895 | FREE-NET-ASFREEnetEU | true
104.26.5.15 | db-ip.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1434901
Start date and time: 2024-05-01 21:24:24 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/26@2/3
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.190.190.132, 40.126.62.130, 40.126.62.131, 20.190.190.195, 40.126.62.129, 20.190.190.196, 20.190.190.131, 20.190.190.129
• Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
Time | Type | Description
20:25:21 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
20:25:23 | Task Scheduler | Run new task: MPGPH131 HR path: C:\ProgramData\MPGPH131\MPGPH131.exe
20:25:23 | Task Scheduler | Run new task: MPGPH131 LG path: C:\ProgramData\MPGPH131\MPGPH131.exe
20:25:30 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run RageMP131 C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
21:25:53 | API Interceptor | 1453768x Sleep call for process: SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe modified
21:25:58 | API Interceptor | 2325349x Sleep call for process: MPGPH131.exe modified
21:26:06 | API Interceptor | 2015416x Sleep call for process: RageMP131.exe modified
                                                                                                                                        Iauncher.exeGet hashmaliciousRedLineBrowse
                                                                                                                                        • 104.21.44.179
                                                                                                                                        Iauncher.exeGet hashmaliciousRedLineBrowse
                                                                                                                                        • 172.67.202.98
                                                                                                                                        tZvjMg3Hw9.exeGet hashmaliciousPureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRATBrowse
                                                                                                                                        • 172.67.151.19
                                                                                                                                        Sean Eichler.htmGet hashmaliciousUnknownBrowse
                                                                                                                                        • 104.16.117.116
                                                                                                                                        https://www.canva.com/design/DAGEAa4PcvI/o5lifZGBI-4kJErApUzUSw/view?utm_content=DAGEAa4PcvI&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                                                                        • 104.16.103.112
                                                                                                                                        [V2]launcher.exeGet hashmaliciousPureLog Stealer, RedLine, XmrigBrowse
                                                                                                                                        • 104.21.73.118
                                                                                                                                        https://www.canva.com/design/DAGEAa4PcvI/o5lifZGBI-4kJErApUzUSw/view?utm_content=DAGEAa4PcvI&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                        • 104.17.2.184
                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                        a0e9f5d64349fb13191bc781f81f42e1tZvjMg3Hw9.exeGet hashmaliciousPureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRATBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        https://2625819278.org/MIg2p2Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        https://securepdffilesaccess%E3%80%82com/docx/#9380ZWxsaW90LmdhbGxAZGFjb3RhaGJhbmsuY29t??RBgN==94664=/..=L5QpUY&u=276b8dda4ef94158348d5b6b8&id=6b7205781d#&vg=008d8185-7421-4d39-a8ea-d6571496b99e&stid=14&pti=1&pa=20041&pos=0&p=525094&channelId=21280b5d95ea9121&s=lsfbx0rnvkkgxzgo1sbi4b3z&sgs=2004:15-17+F-150Get hashmaliciousHtmlDropper, HTMLPhisherBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        2zdult23rz.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        baVrLvRHZY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        lfY08S61Ig.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        TET8iWY1w4.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
                                                                                                                                        Categories 30-04-2024.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                        • 104.26.5.15
                                                                                                                                        • 34.117.186.192
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\RageMP131\RageMP131.exe | tZvjMg3Hw9.exe | malicious | PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT
C:\ProgramData\MPGPH131\MPGPH131.exe | tZvjMg3Hw9.exe | malicious | PureLog Stealer, RedLine, RisePro Stealer, Vidar, zgRAT
                                                                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3181568
                                                                                                                                            Entropy (8bit):7.9660802629270435
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:fxif1KBMZZVbyY8+z4UlzJz5kr8mqwRQ51QTtHSQ5WBEDVa6I9/fdwg0YY0fra:s1KB2/z4UR55yqfeTtyDBJRj0LJ
                                                                                                                                            MD5:8A5AC55FCE35D8A033DED9E56940152A
                                                                                                                                            SHA1:704B32B4695E9F591147E0A1B055FB15D66FC50D
                                                                                                                                            SHA-256:753C54477705A387E4A0DEE1F54529FA309172175CF22BAEA4DAE67B0005C1DD
                                                                                                                                            SHA-512:5350AF349685FEBF8EC12F70662C2623D3D49444C62C153137491347169706785F48B9D3E6FEFA9B528A2E8A87EE9643491EA5B02B7AAAF6F194948E6E469080
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 37%
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: tZvjMg3Hw9.exe, Detection: malicious, Browse
                                                                                                                                            Reputation:low
                                                                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26
                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                            Malicious:false
                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3181568
                                                                                                                                            Entropy (8bit):7.9660802629270435
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:fxif1KBMZZVbyY8+z4UlzJz5kr8mqwRQ51QTtHSQ5WBEDVa6I9/fdwg0YY0fra:s1KB2/z4UR55yqfeTtyDBJRj0LJ
                                                                                                                                            MD5:8A5AC55FCE35D8A033DED9E56940152A
                                                                                                                                            SHA1:704B32B4695E9F591147E0A1B055FB15D66FC50D
                                                                                                                                            SHA-256:753C54477705A387E4A0DEE1F54529FA309172175CF22BAEA4DAE67B0005C1DD
                                                                                                                                            SHA-512:5350AF349685FEBF8EC12F70662C2623D3D49444C62C153137491347169706785F48B9D3E6FEFA9B528A2E8A87EE9643491EA5B02B7AAAF6F194948E6E469080
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 37%
                                                                                                                                            Joe Sandbox View:
                                                                                                                                            • Filename: tZvjMg3Hw9.exe, Detection: malicious, Browse
                                                                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):26
                                                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5622
                                                                                                                                            Entropy (8bit):7.907632381450328
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:bWGzqeAoMq+YK0KF8cAJiI2i+u5EoksydEmuNNkgh90Bx3KJy:nqASpF8wFiEordmuN14x6Jy
                                                                                                                                            MD5:A61B70A2B5BF7E5ABBC2F6039CAF11C1
                                                                                                                                            SHA1:DBBE8098C3340BBA0A8B8D1EF64CAA3670AF6944
                                                                                                                                            SHA-256:4DE31077B0040A69E92F7DD832ECDDB82100A2CD60B02092D9623628C3F85A96
                                                                                                                                            SHA-512:BF9315EB15CEBB41673C88F44C6D2835945AA340CDEF78D2D6B0C33DA0119A060B19ACA2E3649874B5CF57DFA0E78DBE65F032E5E69935738CBC96413C2327B8
                                                                                                                                            Malicious:true
                                                                                                                                            Yara Hits:
                                                                                                                                            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\QEGVANwj0k6bYEp2nEbzchm.zip, Author: Joe Security
                                                                                                                                            Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:modified
                                                                                                                                            Size (bytes):13
                                                                                                                                            Entropy (8bit):2.6612262562697895
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Lthl:jl
                                                                                                                                            MD5:0E21E271B36CFDBE2F435D735A5673E2
                                                                                                                                            SHA1:1F232568CB7BDED044CD9DA734A0A1BC4CC33A96
                                                                                                                                            SHA-256:24CE6464BCACEA0E1E866010EF01CE09C337754CF5EA5A619F0E6A6055CD45F8
                                                                                                                                            SHA-512:924F17B4B4F0C152EFA00CDF0F091D0D962D07707E9292B8C26BEA8A56FC2C7DDBCE77034172064A14619B313ED4BB83AD1F08A73D2AC8B1DAE85E02156DC8BD
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:1714595572273
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):98304
                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):126976
                                                                                                                                            Entropy (8bit):0.47147045728725767
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5242880
                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                            MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                            SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                            SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                            SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):159744
                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                            MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                            SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                            SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                            SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):28672
                                                                                                                                            Entropy (8bit):2.5793180405395284
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                            MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                            SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                            SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                            SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):126976
                                                                                                                                            Entropy (8bit):0.47147045728725767
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                            MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                            SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                            SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                            SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):159744
                                                                                                                                            Entropy (8bit):0.7873599747470391
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                            MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                            SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                            SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                            SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):5242880
                                                                                                                                            Entropy (8bit):0.037963276276857943
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                            MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                            SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                            SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                            SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):106496
                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                            Malicious:false
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):114688
                                                                                                                                            Entropy (8bit):0.9746603542602881
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                            MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                            SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                            SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                            SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):40960
                                                                                                                                            Entropy (8bit):0.8553638852307782
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                            MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                            SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                            SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                            SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):49152
                                                                                                                                            Entropy (8bit):0.8180424350137764
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                            MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                            SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                            SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                            SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):106496
                                                                                                                                            Entropy (8bit):1.1358696453229276
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                            MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                            SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                            SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                            SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:ASCII text, with very long lines (769), with CRLF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6085
                                                                                                                                            Entropy (8bit):6.038274200863744
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:gxsumX/xKO2KbcRfbZJ5Jxjxcx1xcbza5BC126oxgxA26Fxr/CxbTxqCGYURxOeb:gWFXZQHRFJ5Pts7c3avC126Ygb6Lr/WY
                                                                                                                                            MD5:ACB5AD34236C58F9F7D219FB628E3B58
                                                                                                                                            SHA1:02E39404CA22F1368C46A7B8398F5F6001DB8F5C
                                                                                                                                            SHA-256:05E5013B848C2E619226F9E7A084DC7DCD1B3D68EE45108F552DB113D21B49D1
                                                                                                                                            SHA-512:5895F39765BA3CEDFD47D57203FD7E716347CD79277EDDCDC83A729A86E2E59F03F0E7B6B0D0E7C7A383755001EDACC82171052BE801E015E6BF7E6B9595767F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:.google.com.TRUE./.TRUE.1712145003.NID.ENC893*_djEw3+k+F2A/rK1XOX2BXUq6pY2LBCOzoXODiJnrrvDbDsPWiYwKZowg9PxHqkTm37HpwC52rXpnuUFrQMpV3iKtdSHegOm+XguZZ6tGaCY2hGVyR8JgIqQma1WLXyhCiWqjou7/c3qSeaKyNoUKHa4TULX4ZnNNtXFoCuZcBAAy4tYcz+0BF4j/0Pg+MgV+s7367kYcjO4q3zwc+XorjSs7PlgWlYrcc55rCJplhJ+H13M00HIdLm+1t9PACck2xxSWX2DsA61sEDJCHEc=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.FALSE./.TRUE.1696413835..AspNetCore.AuthProvider.ENC893*_djEwVWJCCNyFkY3ZM/58ZZ/F/bz9H1yPvi6FOaroXC+KU8E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.Correlation.mdRqPJxLbpyv7vX0eK9YkTR-xwcrW3VBLE4Y3HEvxuU.ENC893*_djEwBAKLrkJs5PZ6BD7Beoa9N/bOSh5JtRch10gZT+E=_b3i0u6LLcKCMUaF/UlQgEPSL9PtLZ21CuT1dJkfCzME=*..support.microsoft.com.TRUE./signin-oidc.TRUE.1696414135..AspNetCore.OpenIdConnect.Nonce.CfDJ8Kiuy_B5JgFMo7PeP95NLhqwcJ8koDy5pXkfoWsb5SbbU2hVCbsH2qt9GF_OVCqFkLEwhvzeADNQOF5RSmkDfh5RqfqlOkx5QWo4Lltvwb0CvwBFD8ujlm3BAglOeGca3ZatkLMUkH
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7056
                                                                                                                                            Entropy (8bit):5.50893406504588
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:xWeGvAtphWhcBXb/wrzNm9REdpUT2A3pWah2wi02GlABnKU2z2PNZoNi/3b2e2ue:NGvAtfWhcBXb/wrzNm9REdpUqA3pWags
                                                                                                                                            MD5:E9A956A00C6E36AFF62AEC734F184183
                                                                                                                                            SHA1:85A901AC729262F94AD19790DC855E3321F8ABA1
                                                                                                                                            SHA-256:4CC2FA4F8A620F3FEAB044FA89CED8B0065B3F65FA8887043BB8EF0B84C9F363
                                                                                                                                            SHA-512:9AE435046A7A5BCE16AAFC51997B2340DE85FF2042DB82DD269DFB742162129E98D804A16B9490BEF75DB631C9D1D4830EAE1CA9F51F5C68145F638A87CDF780
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:Build: buben..Version: 1.9....Date: Tue May 28 04:04:32 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 5e89b3611d86ec7f563db220048eb86e....Path: C:\Users\user\AppData\Local\RageMP131\RageMP131.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixyDslgJunaCvTA....IP: 149.18.24.96..Location: US, Washington..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 971342 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 28/5/2024 4:4:32..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [324]..csrss.exe [408]..wininit.exe [484]..csrss.exe [492]..winlogon.exe [552]..services.exe [620]..lsass.exe [628]..svchost.exe [752]..fontdrvhost.exe [776]..font
                                                                                                                                            Process:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):4897
                                                                                                                                            Entropy (8bit):2.518316437186352
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                                                                                            MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                                                                                            SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                                                                                            SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                                                                                            SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                                                                                            Malicious:false
                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Entropy (8bit):7.9660802629270435
                                                                                                                                            TrID:
                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                            File name:SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
                                                                                                                                            File size:3'181'568 bytes
                                                                                                                                            MD5:8a5ac55fce35d8a033ded9e56940152a
                                                                                                                                            SHA1:704b32b4695e9f591147e0a1b055fb15d66fc50d
                                                                                                                                            SHA256:753c54477705a387e4a0dee1f54529fa309172175cf22baea4dae67b0005c1dd
                                                                                                                                            SHA512:5350af349685febf8ec12f70662c2623d3d49444c62c153137491347169706785f48b9d3e6fefa9b528a2e8a87ee9643491ea5b02b7aaaf6f194948e6e469080
                                                                                                                                            SSDEEP:49152:fxif1KBMZZVbyY8+z4UlzJz5kr8mqwRQ51QTtHSQ5WBEDVa6I9/fdwg0YY0fra:s1KB2/z4UR55yqfeTtyDBJRj0LJ
                                                                                                                                            TLSH:9EE533EB1195F20CFD8849F55D9FCB3305959EBD462B2C84A1D3BEB7307BC461AA8098
                                                                                                                                            Icon Hash:4c4d96ec0ce6c600
                                                                                                                                            Entrypoint:0xf4f65c
                                                                                                                                            Entrypoint Section:.data
                                                                                                                                            Digitally signed:false
                                                                                                                                            Imagebase:0x400000
                                                                                                                                            Subsystem:windows gui
                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                                            Time Stamp:0x663202DB [Wed May 1 08:52:43 2024 UTC]
                                                                                                                                            TLS Callbacks:
                                                                                                                                            CLR (.Net) Version:
                                                                                                                                            OS Version Major:6
                                                                                                                                            OS Version Minor:0
                                                                                                                                            File Version Major:6
                                                                                                                                            File Version Minor:0
                                                                                                                                            Subsystem Version Major:6
                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                            Import Hash:272279f18f704f637aa129691266b291
                                                                                                                                            Instruction
                                                                                                                                            jmp 00007FF134B0FD8Ah
                                                                                                                                            add byte ptr [eax+0Eh], dh
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax-18h], ah
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            pop ebp
                                                                                                                                            sub ebp, 00000010h
                                                                                                                                            sub ebp, 00B4F65Ch
                                                                                                                                            jmp 00007FF134B0FD89h
                                                                                                                                            or eax, B869C46Fh
                                                                                                                                            pop esp
                                                                                                                                            div byte ptr [eax+eax-3F7E3AFDh]
                                                                                                                                            dec esp
                                                                                                                                            add byte ptr [eax], al
                                                                                                                                            add byte ptr [ecx+000005A8h], bh
                                                                                                                                            mov edx, 76178C63h
                                                                                                                                            xor byte ptr [eax], dl
                                                                                                                                            inc eax
                                                                                                                                            dec ecx
                                                                                                                                            jne 00007FF134B0FD7Ch
                                                                                                                                            jmp 00007FF134B0FD89h
                                                                                                                                            and eax, E821EA00h
                                                                                                                                            scasb
                                                                                                                                            call 00007FF198145D6Fh
                                                                                                                                            arpl dx, sp
                                                                                                                                            mov byte ptr [6363639Bh], al
                                                                                                                                            pushad
                                                                                                                                            scasb
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x932050 | 0xd09 | .data |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x932d5c | 0x3b0 | .data |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19c000 | 0xafa0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x932030 | 0x10 | .data |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x932000 | 0x18 | .data |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x159000 | 0x92a00 | 52e4d0d27c5a8f727cafbaa7a758e5ee | False | 0.9997519048380221 | data | 7.999649688016574 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x15a000 | 0x28000 | 0x10200 | e89599a8c905db2eb8d646a12a5aeb90 | False | 0.9934290213178295 | data | 7.99052780466811 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x182000 | 0x5000 | 0x800 | a32ff45cd995e809dc34a34d15496f7a | False | 0.99267578125 | data | 7.820875432384983 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x187000 | 0xb000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x192000 | 0xa000 | 0x6000 | e9b705d42392314870705a9af25076bd | False | 1.0006510416666667 | SysEx File - | 7.992787647902555 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x19c000 | 0xb000 | 0xb000 | f55c5215c73a04b580fdee8f27a08ae5 | False | 0.11330344460227272 | data | 2.153423809128472 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| | 0x1a7000 | 0x788000 | 0x32800 | 1acf9b95807838523f488e92264571a4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .data | 0x92f000 | 0x222000 | 0x221c00 | 142410e31e8a64067e2fea7a6a37d478 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0x19c250 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Russian | Russia | 0.1320921985815603 |
| RT_ICON | 0x19c6b8 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1600 | Russian | Russia | 0.10465116279069768 |
| RT_ICON | 0x19cd70 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Russian | Russia | 0.08770491803278689 |
| RT_ICON | 0x19d6f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Russian | Russia | 0.05722326454033771 |
| RT_ICON | 0x19e7a0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Russian | Russia | 0.03475103734439834 |
| RT_ICON | 0x1a0d48 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | Russian | Russia | 0.02509447331128956 |
| RT_ICON | 0x1a4f70 | 0x1aae | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | Russian | Russia | 0.39780380673499266 |
| RT_GROUP_ICON | 0x1a6a20 | 0x68 | data | Russian | Russia | 0.7596153846153846 |
| RT_VERSION | 0x1a6a88 | 0x398 | OpenPGP Public Key | Russian | Russia | 0.42282608695652174 |
| RT_MANIFEST | 0x1a6e20 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
| DLL | Import |
| kernel32.dll | GetModuleHandleA, GetProcAddress, ExitProcess, LoadLibraryA |
| user32.dll | MessageBoxA |
| advapi32.dll | RegCloseKey |
| oleaut32.dll | SysFreeString |
| gdi32.dll | CreateFontA |
| shell32.dll | ShellExecuteA |
| version.dll | GetFileVersionInfoA |
| ole32.dll | CoInitialize |
| WS2_32.dll | WSAStartup |
| CRYPT32.dll | CryptUnprotectData |
| SHLWAPI.dll | PathFindExtensionA |
| gdiplus.dll | GdipGetImageEncoders |
| SETUPAPI.dll | SetupDiEnumDeviceInfo |
| ntdll.dll | RtlUnicodeStringToAnsiString |
| RstrtMgr.DLL | RmStartSession |
| Language of compilation system | Country where language is spoken |
| Russian | Russia |
| English | United States |
| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
| 05/01/24-21:28:21.747237 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49731 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/01/24-21:28:07.401095 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49740 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/01/24-21:26:25.313213 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:25:22.952144 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49730 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:28:21.731238 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/01/24-21:25:22.787637 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49730 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/01/24-21:25:33.353823 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49733 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:26:25.907179 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49733 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:25:27.381179 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49732 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:25:27.359968 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49731 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:26:26.205307 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49740 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:25:43.854924 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 58709 | 49740 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:26:25.562531 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49731 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:26:25.578399 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 58709 | 49732 | 147.45.47.93 | 192.168.2.4 |
| 05/01/24-21:28:21.838617 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49733 | 58709 | 192.168.2.4 | 147.45.47.93 |
| 05/01/24-21:28:21.779239 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49732 | 58709 | 192.168.2.4 | 147.45.47.93 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                            May 1, 2024 21:26:26.435350895 CEST49745443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.435705900 CEST49745443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.435719013 CEST4434974534.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.435729027 CEST49745443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.435734034 CEST4434974534.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.467876911 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.467916012 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.467995882 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.468838930 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.468853951 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.469346046 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.469393015 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.469427109 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.469439983 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.469482899 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.469518900 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.469943047 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.469957113 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.470146894 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.470156908 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.470868111 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.470910072 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.470978975 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.471251011 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.471262932 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.630219936 CEST4434974634.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.630289078 CEST49746443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.631795883 CEST49746443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.631805897 CEST4434974634.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.632045031 CEST4434974634.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.670736074 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.670803070 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.671341896 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.671401978 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.672894001 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.672949076 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.676326990 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.676383972 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.680999994 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.681025982 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.681268930 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.681840897 CEST49746443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.683218002 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.683232069 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.683514118 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.685237885 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.687206984 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.687239885 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.687577009 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.689167976 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.690340996 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.690360069 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.691529989 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.693087101 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.703123093 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.709512949 CEST49746443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.732119083 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.736116886 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.740113020 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.744119883 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.756129980 CEST4434974634.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.853899956 CEST4434974634.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.854022026 CEST4434974634.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.854080915 CEST49746443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.854551077 CEST49746443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.854572058 CEST4434974634.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.854583979 CEST49746443192.168.2.434.117.186.192
                                                                                                                                            May 1, 2024 21:26:26.854588985 CEST4434974634.117.186.192192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.855998039 CEST49751443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.856038094 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.856091022 CEST49751443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.856436014 CEST49751443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.856450081 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.949851036 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.949945927 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.949991941 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.950135946 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.950150013 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.950165987 CEST49747443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.950170994 CEST44349747104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.950582981 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:26.951071024 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.951169968 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.951210976 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.951342106 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.951358080 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.951369047 CEST49750443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.951375008 CEST44349750104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.951694965 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:26.959259033 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.959376097 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.959424973 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.959552050 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.959568024 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.959580898 CEST49748443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.959585905 CEST44349748104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.959944010 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:26.961407900 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.961536884 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.961591959 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.962490082 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.962506056 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.962522030 CEST49749443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:26.962536097 CEST44349749104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:26.962825060 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:27.053378105 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.053448915 CEST49751443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:27.055201054 CEST49751443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:27.055212021 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.055450916 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.056792974 CEST49751443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:27.104125977 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.209115982 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.209140062 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.209151983 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.224797010 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.328027964 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.328150988 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.328296900 CEST49751443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:27.328854084 CEST49751443192.168.2.4104.26.5.15
                                                                                                                                            May 1, 2024 21:26:27.328870058 CEST44349751104.26.5.15192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.329936981 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:27.430403948 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.478816032 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:27.571160078 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.583870888 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.586348057 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.619353056 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:27.635024071 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:27.743238926 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:27.791280031 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:28.038999081 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:28.088176012 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:26:29.085803032 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:26:29.136549950 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:00.713897943 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.740163088 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.740202904 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.791744947 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:00.844729900 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.844753027 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.844775915 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.844815016 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.844831944 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.844846010 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:00.844860077 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:00.844984055 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:01.052922964 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:01.508840084 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:01.555993080 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:01.570611000 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:01.572592020 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:01.633457899 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:01.650716066 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:01.681956053 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:01.710283041 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:01.838252068 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:01.885118008 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:02.021581888 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:02.025201082 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:04.214462042 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:04.242326975 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:04.258624077 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:04.291749001 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:04.318532944 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:04.385102034 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:04.416623116 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:04.416693926 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:04.553451061 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:04.838583946 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:05.099845886 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:06.808696032 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:06.885111094 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:07.339116096 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:07.403520107 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:07.403768063 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:07.599817991 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:07.646922112 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:07.662559032 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:09.947890043 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:10.209151030 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:10.744820118 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:10.744890928 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:10.744929075 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:10.990748882 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:11.005841017 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:11.005857944 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:13.088439941 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:13.349725008 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:13.885577917 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:13.885648966 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:13.885720968 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:14.131442070 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:14.146908045 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:14.147078037 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:16.073370934 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:16.229501009 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:16.334378004 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:16.334434986 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:16.490313053 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:16.584563017 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:17.019364119 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:17.019390106 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:17.019499063 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:17.271800041 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:17.271815062 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:17.271884918 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:19.370318890 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:19.463671923 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:19.631334066 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:19.724893093 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:20.135355949 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:20.135382891 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:20.135426044 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:20.381159067 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:20.396776915 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:20.396800041 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:22.510946989 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:22.589196920 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:22.771977901 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:22.849759102 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:23.276166916 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:23.276228905 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:23.276285887 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:23.521693945 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:23.537266970 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:23.537287951 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:25.635494947 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:25.713449001 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:25.896761894 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:25.975097895 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:26.416692972 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:26.416737080 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:26.416812897 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:26.662513971 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:26.678062916 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:26.678093910 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:28.775986910 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:28.838736057 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:29.037161112 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:29.099888086 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:29.557382107 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:29.557390928 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:29.557475090 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:29.803167105 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:29.818702936 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:29.818720102 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:31.916651964 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:31.963546038 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:32.177901030 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:32.224845886 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:32.697988987 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:32.698059082 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:32.698060036 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:32.943614006 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:32.959213018 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:32.959228992 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:35.041676998 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:35.104281902 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:35.303169012 CEST5870949740147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:35.365390062 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:35.822896004 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:35.822901011 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:35.823046923 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:36.068844080 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:36.084404945 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:36.084419012 CEST5870949730147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:27:38.166676044 CEST4974058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:27:38.245023012 CEST4973358709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:28:23.975965977 CEST5870949731147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:28:23.991672039 CEST5870949732147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:28:24.039479017 CEST5870949733147.45.47.93192.168.2.4
                                                                                                                                            May 1, 2024 21:28:24.053514957 CEST4973158709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:28:24.088459015 CEST4973058709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:28:24.088520050 CEST4973258709192.168.2.4147.45.47.93
                                                                                                                                            May 1, 2024 21:28:24.168821096 CEST4973358709192.168.2.4147.45.47.93
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 1, 2024 21:26:25.754127979 CEST | 59201 | 53 | 192.168.2.4 | 1.1.1.1 |
| May 1, 2024 21:26:25.850019932 CEST | 53 | 59201 | 1.1.1.1 | 192.168.2.4 |
| May 1, 2024 21:26:26.367821932 CEST | 64183 | 53 | 192.168.2.4 | 1.1.1.1 |
| May 1, 2024 21:26:26.466456890 CEST | 53 | 64183 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| May 1, 2024 21:26:25.754127979 CEST | 192.168.2.4 | 1.1.1.1 | 0x2612 | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false |
| May 1, 2024 21:26:26.367821932 CEST | 192.168.2.4 | 1.1.1.1 | 0x1a89 | Standard query (0) | db-ip.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| May 1, 2024 21:26:25.850019932 CEST | 1.1.1.1 | 192.168.2.4 | 0x2612 | No error (0) | ipinfo.io | | 34.117.186.192 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 21:26:26.466456890 CEST | 1.1.1.1 | 192.168.2.4 | 0x1a89 | No error (0) | db-ip.com | | 104.26.5.15 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 21:26:26.466456890 CEST | 1.1.1.1 | 192.168.2.4 | 0x1a89 | No error (0) | db-ip.com | | 104.26.4.15 | A (IP address) | IN (0x0001) | false |
| May 1, 2024 21:26:26.466456890 CEST | 1.1.1.1 | 192.168.2.4 | 0x1a89 | No error (0) | db-ip.com | | 172.67.75.166 | A (IP address) | IN (0x0001) | false |

• https:
  • ipinfo.io
  • db-ip.com

| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49743 | 34.117.186.192 | 443 | 7576 | C:\ProgramData\MPGPH131\MPGPH131.exe |

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 237, Direction: OUT, Data:
GET /widget/demo/149.18.24.96 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 513, Direction: IN, Data:
HTTP/1.1 200 OK
server: nginx/1.24.0
date: Wed, 01 May 2024 19:26:26 GMT
content-type: application/json; charset=utf-8
Content-Length: 959
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 3
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 742, Direction: IN, Data:
Data Ascii: { "input": "149.18.24.96", "data": { "ip": "149.18.24.96", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS212238 Datacamp Limited", "postal": "20004", "timezone

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 217, Direction: IN, Data:
Data Ascii: ddress": "US, NY, Greenlawn, 55 Broadway, #686, 11740", "country": "US", "email": "abuse@logicweb.com", "name": "Abuse", "network": "149.18.0.0/16", "phone": "+1-347-212-5047" } }}


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49742 | 34.117.186.192 | 443 | 7412 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe |

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 237, Direction: OUT, Data:
GET /widget/demo/149.18.24.96 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 513, Direction: IN, Data:
HTTP/1.1 200 OK
server: nginx/1.24.0
date: Wed, 01 May 2024 19:26:26 GMT
content-type: application/json; charset=utf-8
Content-Length: 959
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 2
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 742, Direction: IN, Data:
Data Ascii: { "input": "149.18.24.96", "data": { "ip": "149.18.24.96", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS212238 Datacamp Limited", "postal": "20004", "timezone

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 217, Direction: IN, Data:
Data Ascii: ddress": "US, NY, Greenlawn, 55 Broadway, #686, 11740", "country": "US", "email": "abuse@logicweb.com", "name": "Abuse", "network": "149.18.0.0/16", "phone": "+1-347-212-5047" } }}


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49744 | 34.117.186.192 | 443 | 7588 | C:\ProgramData\MPGPH131\MPGPH131.exe |

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 237, Direction: OUT, Data:
GET /widget/demo/149.18.24.96 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 513, Direction: IN, Data:
HTTP/1.1 200 OK
server: nginx/1.24.0
date: Wed, 01 May 2024 19:26:26 GMT
content-type: application/json; charset=utf-8
Content-Length: 959
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 6
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 742, Direction: IN, Data:
Data Ascii: { "input": "149.18.24.96", "data": { "ip": "149.18.24.96", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS212238 Datacamp Limited", "postal": "20004", "timezone

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 217, Direction: IN, Data:
Data Ascii: ddress": "US, NY, Greenlawn, 55 Broadway, #686, 11740", "country": "US", "email": "abuse@logicweb.com", "name": "Abuse", "network": "149.18.0.0/16", "phone": "+1-347-212-5047" } }}


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49745 | 34.117.186.192 | 443 | 7652 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe |

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 237, Direction: OUT, Data:
GET /widget/demo/149.18.24.96 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 513, Direction: IN, Data:
HTTP/1.1 200 OK
server: nginx/1.24.0
date: Wed, 01 May 2024 19:26:26 GMT
content-type: application/json; charset=utf-8
Content-Length: 959
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 3
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 742, Direction: IN, Data:
Data Ascii: { "input": "149.18.24.96", "data": { "ip": "149.18.24.96", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS212238 Datacamp Limited", "postal": "20004", "timezone

Timestamp: 2024-05-01 19:26:26 UTC, Bytes transferred: 217, Direction: IN, Data:
Data Ascii: ddress": "US, NY, Greenlawn, 55 Broadway, #686, 11740", "country": "US", "email": "abuse@logicweb.com", "name": "Abuse", "network": "149.18.0.0/16", "phone": "+1-347-212-5047" } }}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49747 | 104.26.5.15 | 443 | 7412 | C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 19:26:26 UTC | 261 | OUT | GET /demo/home.php?s=149.18.24.96 HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                            Host: db-ip.com
2024-05-01 19:26:26 UTC | 650 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Wed, 01 May 2024 19:26:26 GMT
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            x-iplb-request-id: AC462B0B:75C2_93878F2E:0050_66329762_B05AC5E:7B63
                                                                                                                                            x-iplb-instance: 59128
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2qn5aHwsXwIVuUoK3cBsUvjoQUngbYSxH0irO109psSAB1ClpFdc3LQn5HAUbkrV9GPJcNHQnFkycUnqkID34CX1sez2tYEEdciDLHWT%2FmKrtcUPlX4kge3LGg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 87d229c9cad1058b-IAD
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-05-01 19:26:26 UTC | 85 | IN | Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-01 19:26:26 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49750 | 104.26.5.15 | 443 | 7652 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 19:26:26 UTC | 261 | OUT | GET /demo/home.php?s=149.18.24.96 HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                            Host: db-ip.com
2024-05-01 19:26:26 UTC | 652 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Wed, 01 May 2024 19:26:26 GMT
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            x-iplb-request-id: AC47DEF2:8E14_93878F2E:0050_66329762_B05AC5F:7B63
                                                                                                                                            x-iplb-instance: 59128
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xPO34zPPB2KYm0TaP02kBI%2BkW0U93k14uOxP0HWY7NNAep8Hw68x3oYx94f4rHvhw33ExLRHtKsCqac0lfyZaN8i2qvhqXDPoMuwnKlFd%2FlDclfDHj51bnTZYw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 87d229c9caf220cf-IAD
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-05-01 19:26:26 UTC | 85 | IN | Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-01 19:26:26 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49748 | 104.26.5.15 | 443 | 7588 | C:\ProgramData\MPGPH131\MPGPH131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 19:26:26 UTC | 261 | OUT | GET /demo/home.php?s=149.18.24.96 HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                            Host: db-ip.com
2024-05-01 19:26:26 UTC | 664 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Wed, 01 May 2024 19:26:26 GMT
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            x-iplb-request-id: AC462B2D:8650_93878F2E:0050_66329762_B09FE2D:4F34
                                                                                                                                            x-iplb-instance: 59215
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MPRY4OQL2Ku7Djt0YYss%2BIZ2v%2Fr0ko4qZ%2BgbV0bE3lXLwrz%2Fm28ebaEs%2Bplj%2FvwtDA9rx4AVYSNHfN%2BiIyvl2U9VZRBIg%2BcAutWCVX1qzWinUn9owe8DOnOIdg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 87d229c9dc553b4a-IAD
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-05-01 19:26:26 UTC | 85 | IN | Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-01 19:26:26 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49749 | 104.26.5.15 | 443 | 7576 | C:\ProgramData\MPGPH131\MPGPH131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 19:26:26 UTC | 261 | OUT | GET /demo/home.php?s=149.18.24.96 HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                            Host: db-ip.com
2024-05-01 19:26:26 UTC | 654 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Wed, 01 May 2024 19:26:26 GMT
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            x-iplb-request-id: AC47DF6F:75AE_93878F2E:0050_66329762_B09FE2C:4F34
                                                                                                                                            x-iplb-instance: 59215
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V7cOP2FBGioTR1Ppt5TTBSaodVFfQdtf5gYQOHpP6fOgPbIN8kZdGGQPA%2F6jeZVcSDALQb3klOm47qu91lDJuw7A8WfM0Jv%2F6X7IT%2BqkcfudGlNbnVKh3vjRcw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 87d229c9cd041fdc-IAD
                                                                                                                                            alt-svc: h3=":443"; ma=86400
2024-05-01 19:26:26 UTC | 85 | IN | Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
2024-05-01 19:26:26 UTC | 5 | IN | Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49746 | 34.117.186.192 | 443 | 8032 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 19:26:26 UTC | 237 | OUT | GET /widget/demo/149.18.24.96 HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Referer: https://ipinfo.io/
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                            Host: ipinfo.io
2024-05-01 19:26:26 UTC | 513 | IN | HTTP/1.1 200 OK
                                                                                                                                            server: nginx/1.24.0
                                                                                                                                            date: Wed, 01 May 2024 19:26:26 GMT
                                                                                                                                            content-type: application/json; charset=utf-8
                                                                                                                                            Content-Length: 959
                                                                                                                                            access-control-allow-origin: *
                                                                                                                                            x-frame-options: SAMEORIGIN
                                                                                                                                            x-xss-protection: 1; mode=block
                                                                                                                                            x-content-type-options: nosniff
                                                                                                                                            referrer-policy: strict-origin-when-cross-origin
                                                                                                                                            x-envoy-upstream-service-time: 2
                                                                                                                                            via: 1.1 google
                                                                                                                                            strict-transport-security: max-age=2592000; includeSubDomains
                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                            Connection: close
2024-05-01 19:26:26 UTC | 742 | IN | Data Ascii: { "input": "149.18.24.96", "data": { "ip": "149.18.24.96", "city": "Washington", "region": "Washington, D.C.", "country": "US", "loc": "38.8951,-77.0364", "org": "AS212238 Datacamp Limited", "postal": "20004", "timezone
2024-05-01 19:26:26 UTC | 217 | IN | Data Ascii: ddress": "US, NY, Greenlawn, 55 Broadway, #686, 11740", "country": "US", "email": "abuse@logicweb.com", "name": "Abuse", "network": "149.18.0.0/16", "phone": "+1-347-212-5047" } }}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49751 | 104.26.5.15 | 443 | 8032 | C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
Timestamp | Bytes transferred | Direction | Data
2024-05-01 19:26:27 UTC | 261 | OUT | GET /demo/home.php?s=149.18.24.96 HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                                                                                            Host: db-ip.com
2024-05-01 19:26:27 UTC | 656 | IN | HTTP/1.1 200 OK
                                                                                                                                            Date: Wed, 01 May 2024 19:26:27 GMT
                                                                                                                                            Content-Type: application/json
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            x-iplb-request-id: AC46AFC8:AA46_93878F2E:0050_66329763_B05AC73:7B63
                                                                                                                                            x-iplb-instance: 59128
                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0o%2FBVKbIgwyY%2Fg0soKNGiuCvxY8LcaRc3TG7b2ZHZAojTMcBB6o6y9NLzqKQMnqnkXrC7Z%2FVcJ7CJ0n68NeJam%2BpbHCN4C7IcZezdtzJkCefO6Bfyosf9yLWWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 87d229cc3d026ff7-IAD
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            2024-05-01 19:26:27 UTC 85 IN Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a
                                                                                                                                            Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
                                                                                                                                            2024-05-01 19:26:27 UTC 5 IN Data Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0



                                                                                                                                            Target ID:0
                                                                                                                                            Start time:21:25:18
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.PWSX-gen.2624.6335.exe"
                                                                                                                                            Imagebase:0xdd0000
                                                                                                                                            File size:3'181'568 bytes
                                                                                                                                            MD5 hash:8A5AC55FCE35D8A033DED9E56940152A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:1
                                                                                                                                            Start time:21:25:21
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 HR" /sc HOURLY /rl HIGHEST
                                                                                                                                            Imagebase:0xa80000
                                                                                                                                            File size:187'904 bytes
                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:2
                                                                                                                                            Start time:21:25:21
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:3
                                                                                                                                            Start time:21:25:21
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MPGPH131\MPGPH131.exe" /tn "MPGPH131 LG" /sc ONLOGON /rl HIGHEST
                                                                                                                                            Imagebase:0xa80000
                                                                                                                                            File size:187'904 bytes
                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:4
                                                                                                                                            Start time:21:25:21
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            Target ID:5
                                                                                                                                            Start time:21:25:23
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                            Imagebase:0x950000
                                                                                                                                            File size:3'181'568 bytes
                                                                                                                                            MD5 hash:8A5AC55FCE35D8A033DED9E56940152A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                            • Detection: 37%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:6
                                                                                                                                            Start time:21:25:23
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:C:\ProgramData\MPGPH131\MPGPH131.exe
                                                                                                                                            Imagebase:0x950000
                                                                                                                                            File size:3'181'568 bytes
                                                                                                                                            MD5 hash:8A5AC55FCE35D8A033DED9E56940152A
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:7
                                                                                                                                            Start time:21:25:30
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                            Imagebase:0x5f0000
                                                                                                                                            File size:3'181'568 bytes
                                                                                                                                            MD5 hash:8A5AC55FCE35D8A033DED9E56940152A
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                            • Detection: 37%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false

                                                                                                                                            Target ID:11
                                                                                                                                            Start time:21:25:40
                                                                                                                                            Start date:01/05/2024
                                                                                                                                            Path:C:\Users\user\AppData\Local\RageMP131\RageMP131.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\RageMP131\RageMP131.exe"
                                                                                                                                            Imagebase:0x5f0000
                                                                                                                                            File size:3'181'568 bytes
                                                                                                                                            MD5 hash:8A5AC55FCE35D8A033DED9E56940152A
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Yara matches:
                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.3569384353.000000000184B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000B.00000002.3569384353.00000000017A7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000B.00000003.3434983200.0000000001897000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 0000000B.00000002.3570549317.0000000001898000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:false


                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:4.8%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:4.2%
                                                                                                                                              Total number of Nodes:1971
                                                                                                                                              Total number of Limit Nodes:30
15744->15745 15746 dd2d25 15745->15746 15746->15544 15748 dead10 15747->15748 15748->15748 16395 defbf0 15748->16395 15751 dd3040 std::_Throw_Cpp_error 43 API calls 15750->15751 15752 dd2d55 15751->15752 15753 ea3670 15752->15753 15754 ea3708 15753->15754 15766 ea3711 std::locale::_Setgloballocale 15753->15766 16404 dee4b0 15754->16404 15757 ea38ff 15759 ea3903 15757->15759 16508 de6130 15757->16508 15761 ea3930 std::ios_base::_Ios_base_dtor 15759->15761 15762 e08c60 std::_Throw_Cpp_error 41 API calls 15759->15762 15761->15549 15763 ea397e 15762->15763 15764 e03059 __Xtime_get_ticks 2 API calls 15763->15764 15765 ea3986 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 15764->15765 15765->15549 15766->15757 15766->15759 16427 ec1ae0 15766->16427 16438 df4160 15766->16438 16604 e0974e 15767->16604 15771 de62b1 15770->15771 15772 de629d 15770->15772 15771->15542 15773 de6130 43 API calls 15772->15773 15773->15771 15775 e112ba ___std_exception_copy 15774->15775 16655 e0d695 15775->16655 15777 e112d4 15778 e0898c ___std_exception_copy 41 API calls 15777->15778 15779 e112e1 15778->15779 15779->15542 15781 e9c70a VirtualAllocEx 15780->15781 15782 e9c6cd 15780->15782 15784 e9c77f std::locale::_Setgloballocale 15781->15784 15783 e9c6d3 WriteProcessMemory 15782->15783 15783->15783 15785 e9c707 15783->15785 16871 deab20 15784->16871 15785->15781 15788 de8f00 std::_Throw_Cpp_error 43 API calls 15789 e9c82f 15788->15789 16876 dd3440 15789->16876 15792 e9c91d 15793 e9c93b std::ios_base::_Ios_base_dtor 15792->15793 15794 e08c60 std::_Throw_Cpp_error 41 API calls 15792->15794 15793->15555 15795 e9c97e 15794->15795 15795->15555 15796 e11618 15797 e1162b ___std_exception_copy 15796->15797 17133 e113fa 15797->17133 15799 e11640 15800 e0898c ___std_exception_copy 41 API calls 15799->15800 15801 e1164d 15800->15801 15802 e0d098 15801->15802 15803 e0d0ab ___std_exception_copy 15802->15803 17303 e0cf73 15803->17303 15805 e0d0b7 15806 e0898c ___std_exception_copy 41 API calls 15805->15806 
15807 e0d0c3 15806->15807 15807->15557 15809 e02bb4 15808->15809 15810 e02ba6 RtlReleaseSRWLockExclusive 15808->15810 15809->15542 15810->15809 15812 deb48d 15811->15812 17395 df2100 15812->17395 15816 deb503 15816->15542 17739 e28ba0 15817->17739 15819 e28b21 std::_Locinfo::_Locinfo_ctor 15820 dd3040 std::_Throw_Cpp_error 43 API calls 15819->15820 15821 e28b6c 15820->15821 15821->15542 15839 e02bb8 GetCurrentThreadId 15822->15839 15825 e02524 15826 e0253a std::_Throw_Cpp_error 15825->15826 15865 e024d7 15826->15865 15834 e0953f ___std_exception_copy 15833->15834 16369 e093cb 15834->16369 15836 e0954e 15837 e0898c ___std_exception_copy 41 API calls 15836->15837 15838 dd5450 15837->15838 15838->15544 15840 e02c01 15839->15840 15841 e02be2 15839->15841 15842 e02c21 15840->15842 15843 e02c0a 15840->15843 15844 e02be7 RtlAcquireSRWLockExclusive 15841->15844 15850 e02bf7 15841->15850 15846 e02c80 15842->15846 15853 e02c39 15842->15853 15845 e02c15 RtlAcquireSRWLockExclusive 15843->15845 15843->15850 15844->15850 15845->15850 15848 e02c87 RtlTryAcquireSRWLockExclusive 15846->15848 15846->15850 15848->15850 15849 dd5409 15849->15736 15849->15825 15857 e03d67 15850->15857 15852 e02c70 RtlTryAcquireSRWLockExclusive 15852->15850 15852->15853 15853->15850 15853->15852 15854 e0301b 15853->15854 15855 e03059 __Xtime_get_ticks 2 API calls 15854->15855 15856 e03026 __aulldiv __aullrem 15855->15856 15856->15853 15858 e03d70 IsProcessorFeaturePresent 15857->15858 15859 e03d6f 15857->15859 15861 e0454a 15858->15861 15859->15849 15864 e0450d SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 15861->15864 15863 e0462d 15863->15849 15864->15863 15866 e024e3 __EH_prolog3_GS 15865->15866 15867 dd2cf0 std::_Throw_Cpp_error 43 API calls 15866->15867 15868 e024f7 15867->15868 15886 dd36e0 15868->15886 15870 e0250c 15900 e03f5d 15870->15900 15887 de63b0 std::_Throw_Cpp_error 43 API calls 15886->15887 15888 dd3731 15887->15888 15889 dd375a 15888->15889 
15903 de8f00 15888->15903 15891 de8f00 std::_Throw_Cpp_error 43 API calls 15889->15891 15892 dd378a 15891->15892 15893 e04b05 ___std_exception_copy 42 API calls 15892->15893 15895 dd381e 15893->15895 15894 dd385f std::ios_base::_Ios_base_dtor 15894->15870 15895->15894 15896 e08c60 std::_Throw_Cpp_error 41 API calls 15895->15896 15897 dd38b0 15896->15897 15912 e04b68 15897->15912 15899 dd38f5 std::ios_base::_Ios_base_dtor 15899->15870 15901 e03d67 _ValidateLocalCookies 5 API calls 15900->15901 15902 e03f67 15901->15902 15902->15902 15905 de8f22 std::_Locinfo::_Locinfo_ctor 15903->15905 15906 de8f4f 15903->15906 15904 de902f std::ios_base::_Ios_base_dtor 15904->15889 15905->15889 15906->15904 15907 dd32d0 std::_Throw_Cpp_error 43 API calls 15906->15907 15908 de8fa4 std::_Locinfo::_Locinfo_ctor 15907->15908 15909 de9002 std::_Locinfo::_Locinfo_ctor 15908->15909 15910 dd2fe0 std::_Throw_Cpp_error 41 API calls 15908->15910 15909->15889 15911 de8fef 15910->15911 15911->15889 15913 e04b75 15912->15913 15915 e04b7c 15912->15915 15914 e11c86 ___std_exception_destroy 14 API calls 15913->15914 15914->15915 15915->15899 16370 e093d7 std::locale::_Setgloballocale 16369->16370 16371 e093e0 16370->16371 16372 e09404 16370->16372 16373 e08bd3 ___std_exception_copy 41 API calls 16371->16373 16383 e11240 RtlEnterCriticalSection 16372->16383 16382 e093f9 16373->16382 16375 e0940d 16376 e09422 16375->16376 16384 e1a1db 16375->16384 16378 e0948e 16376->16378 16379 e094bf 16376->16379 16380 e08bd3 ___std_exception_copy 41 API calls 16378->16380 16391 e094f7 16379->16391 16380->16382 16382->15836 16383->16375 16385 e1a1e7 16384->16385 16386 e1a1fc 16384->16386 16387 e116ef __floor_pentium4 14 API calls 16385->16387 16386->16376 16388 e1a1ec 16387->16388 16389 e08c50 ___std_exception_copy 41 API calls 16388->16389 16390 e1a1f7 16389->16390 16390->16376 16394 e11254 RtlLeaveCriticalSection 16391->16394 16393 e094fd 16393->16382 16394->16393 16397 defc8d 16395->16397 16399 defc12 
std::_Locinfo::_Locinfo_ctor 16395->16399 16396 defd5e 16397->16396 16398 dd32d0 std::_Throw_Cpp_error 43 API calls 16397->16398 16400 defce1 std::_Locinfo::_Locinfo_ctor 16398->16400 16401 defd3a std::_Locinfo::_Locinfo_ctor 16400->16401 16402 dd2fe0 std::_Throw_Cpp_error 41 API calls 16400->16402 16403 defd27 16402->16403 16405 dee528 16404->16405 16406 dee4c2 16404->16406 16519 dd3330 16405->16519 16408 dee4ca 16406->16408 16409 dee4f9 16406->16409 16410 dee52d 16408->16410 16411 dee4d1 16408->16411 16412 dee516 16409->16412 16415 e03662 std::_Facet_Register 43 API calls 16409->16415 16413 dd2b50 Concurrency::cancel_current_task 43 API calls 16410->16413 16414 e03662 std::_Facet_Register 43 API calls 16411->16414 16412->15766 16416 dee4d7 16413->16416 16414->16416 16417 dee503 16415->16417 16418 e08c60 std::_Throw_Cpp_error 41 API calls 16416->16418 16419 dee4e0 16416->16419 16417->15766 16420 dee537 16418->16420 16419->15766 16522 de6ad0 16420->16522 16422 dee574 16423 dd4900 std::_Throw_Cpp_error 43 API calls 16422->16423 16424 dee5fb 16423->16424 16425 dee613 16424->16425 16526 de9b60 16424->16526 16425->15766 16428 ec1ae7 16427->16428 16429 ec1aec 16427->16429 16428->15766 16430 e123dc ___std_exception_copy 15 API calls 16429->16430 16436 ec1b2f 16429->16436 16430->16436 16431 ec1b42 16431->15766 16432 ec1bf7 16432->15766 16433 e11c86 ___std_exception_destroy 14 API calls 16434 ec1be7 16433->16434 16434->15766 16435 ec1ba1 16435->16432 16435->16433 16436->16431 16436->16435 16437 e11c86 ___std_exception_destroy 14 API calls 16436->16437 16437->16435 16439 df4288 16438->16439 16440 df4195 16438->16440 16442 dd3330 43 API calls 16439->16442 16441 df41b1 16440->16441 16443 df4202 16440->16443 16444 df41f2 16440->16444 16446 e03662 std::_Facet_Register 43 API calls 16441->16446 16445 df428d 16442->16445 16450 e03662 std::_Facet_Register 43 API calls 16443->16450 16455 df41cf std::_Locinfo::_Locinfo_ctor std::locale::_Setgloballocale 16443->16455 16444->16441 
16444->16445 16447 dd2b50 Concurrency::cancel_current_task 43 API calls 16445->16447 16448 df41c4 16446->16448 16449 df4292 16447->16449 16448->16449 16448->16455 16451 e08c60 std::_Throw_Cpp_error 41 API calls 16449->16451 16450->16455 16452 df4297 16451->16452 16453 df42fa 16452->16453 16454 df43e9 16452->16454 16572 df6ff0 16453->16572 16456 dd3330 43 API calls 16454->16456 16567 df77d0 16455->16567 16457 df43ee 16456->16457 16459 df445a 16457->16459 16460 df4549 16457->16460 16464 df6ff0 43 API calls 16459->16464 16462 dd3330 43 API calls 16460->16462 16471 df454e 16462->16471 16463 df425e 16463->15766 16466 df4496 16464->16466 16465 df470b 16468 dd3330 43 API calls 16465->16468 16470 de63b0 std::_Throw_Cpp_error 43 API calls 16466->16470 16467 df4706 16472 dd2b50 Concurrency::cancel_current_task 43 API calls 16467->16472 16493 df46af 16468->16493 16469 df4336 16580 df7830 16469->16580 16484 df44c4 16470->16484 16471->16465 16471->16467 16474 df45ee 16471->16474 16475 df4615 16471->16475 16472->16465 16473 e08c60 std::_Throw_Cpp_error 41 API calls 16476 df4715 16473->16476 16474->16467 16477 df45f9 16474->16477 16480 e03662 std::_Facet_Register 43 API calls 16475->16480 16486 df45ff 16475->16486 16595 ded010 16476->16595 16481 e03662 std::_Facet_Register 43 API calls 16477->16481 16480->16486 16481->16486 16482 df43b0 16482->15766 16487 df7830 41 API calls 16484->16487 16486->16493 16497 df46d1 std::ios_base::_Ios_base_dtor 16486->16497 16585 e01f8c 16486->16585 16489 df4510 16487->16489 16488 df472f 16490 e051eb Concurrency::cancel_current_task RaiseException 16488->16490 16489->15766 16491 df4738 16490->16491 16492 df4798 16491->16492 16495 df477f 16491->16495 16496 df475b 16491->16496 16494 dd2b50 Concurrency::cancel_current_task 43 API calls 16492->16494 16493->16473 16493->16497 16498 df4768 16494->16498 16500 df4791 16495->16500 16501 e03662 std::_Facet_Register 43 API calls 16495->16501 16496->16492 16499 df4762 16496->16499 16497->15766 16503 e08c60 
std::_Throw_Cpp_error 41 API calls 16498->16503 16507 df4771 16498->16507 16504 e03662 std::_Facet_Register 43 API calls 16499->16504 16500->15766 16505 df4789 16501->16505 16506 df47a2 16503->16506 16504->16498 16505->15766 16507->15766 16509 de6174 16508->16509 16510 de6143 std::_Locinfo::_Locinfo_ctor 16508->16510 16511 de6180 16509->16511 16513 de6200 16509->16513 16510->15759 16512 dd32d0 std::_Throw_Cpp_error 43 API calls 16511->16512 16516 de61bf std::_Locinfo::_Locinfo_ctor 16512->16516 16514 de8f00 std::_Throw_Cpp_error 43 API calls 16513->16514 16515 de6232 16514->16515 16515->15759 16517 de61ed 16516->16517 16518 dd2fe0 std::_Throw_Cpp_error 41 API calls 16516->16518 16517->15759 16518->16517 16530 e01cda 16519->16530 16523 de6b02 16522->16523 16525 de6b1d 16523->16525 16556 de50e0 16523->16556 16525->16422 16527 de9bbb 16526->16527 16528 de9b96 16526->16528 16527->16425 16528->16527 16564 de88a0 16528->16564 16543 e01a8f 16530->16543 16533 e051eb Concurrency::cancel_current_task RaiseException 16534 e01cf9 16533->16534 16546 e01ae4 16534->16546 16537 e051eb Concurrency::cancel_current_task RaiseException 16538 e01d19 16537->16538 16549 e01b27 16538->16549 16541 e051eb Concurrency::cancel_current_task RaiseException 16542 e01d39 16541->16542 16553 dd34e0 16543->16553 16547 dd34e0 std::invalid_argument::invalid_argument 42 API calls 16546->16547 16548 e01af6 16547->16548 16548->16537 16550 e01b3b std::regex_error::regex_error 16549->16550 16551 dd34e0 std::invalid_argument::invalid_argument 42 API calls 16550->16551 16552 e01b44 16551->16552 16552->16541 16554 e04b05 ___std_exception_copy 42 API calls 16553->16554 16555 dd3522 16554->16555 16555->16533 16557 de5117 16556->16557 16561 de51b5 16556->16561 16558 de6ad0 43 API calls 16557->16558 16559 de5120 16558->16559 16560 de519d 16559->16560 16562 dd4900 std::_Throw_Cpp_error 43 API calls 16559->16562 16560->16561 16563 de9b60 43 API calls 16560->16563 16561->16525 16562->16560 16563->16561 16565 dd4900 
std::_Throw_Cpp_error 43 API calls 16564->16565 16566 de88bf 16565->16566 16566->16527 16568 df77f9 std::ios_base::_Ios_base_dtor 16567->16568 16569 df77dc 16567->16569 16568->16463 16569->16568 16570 e08c60 std::_Throw_Cpp_error 41 API calls 16569->16570 16571 df7824 16570->16571 16573 df703c 16572->16573 16574 df6ff9 16572->16574 16573->16573 16574->16573 16576 e03662 std::_Facet_Register 43 API calls 16574->16576 16579 df7013 16574->16579 16575 df701c 16575->16469 16576->16579 16577 e03662 std::_Facet_Register 43 API calls 16578 df7035 16577->16578 16578->16469 16579->16575 16579->16577 16581 df7882 std::ios_base::_Ios_base_dtor 16580->16581 16582 df783d 16580->16582 16581->16482 16582->16581 16583 e08c60 std::_Throw_Cpp_error 41 API calls 16582->16583 16584 df78b6 16583->16584 16586 e01fa2 16585->16586 16587 e01f95 FindClose 16585->16587 16586->16486 16587->16586 16588 e01fa6 16587->16588 16589 e141b6 __Getctype 41 API calls 16588->16589 16590 e01fab 16589->16590 16591 e01f8c 41 API calls 16590->16591 16592 e01fba FindFirstFileExW 16591->16592 16593 e01fd5 16592->16593 16594 e01fd9 GetLastError 16592->16594 16593->16486 16594->16593 16596 ded02e 16595->16596 16597 ded01a 16595->16597 16599 de9910 16596->16599 16597->16596 16598 e01f8c 44 API calls 16597->16598 16598->16597 16600 de9928 16599->16600 16601 de9938 std::ios_base::_Ios_base_dtor 16599->16601 16600->16601 16602 e08c60 std::_Throw_Cpp_error 41 API calls 16600->16602 16601->16488 16603 de994d 16602->16603 16606 e0975a std::locale::_Setgloballocale 16604->16606 16605 e09761 16607 e116ef __floor_pentium4 14 API calls 16605->16607 16606->16605 16608 e09781 16606->16608 16609 e09766 16607->16609 16610 e09793 16608->16610 16611 e09786 16608->16611 16612 e08c50 ___std_exception_copy 41 API calls 16609->16612 16621 e1a8e1 16610->16621 16614 e116ef __floor_pentium4 14 API calls 16611->16614 16613 e09771 16612->16613 16613->15557 16613->15796 16614->16613 16617 e097b0 16629 e097ee 16617->16629 16618 e097a3 
16619 e116ef __floor_pentium4 14 API calls 16618->16619 16619->16613 16622 e1a8ed std::locale::_Setgloballocale 16621->16622 16633 e1423b RtlEnterCriticalSection 16622->16633 16624 e1a8fb 16634 e1a985 16624->16634 16630 e097f2 16629->16630 16654 e11254 RtlLeaveCriticalSection 16630->16654 16632 e09803 16632->16613 16633->16624 16635 e1a9a8 16634->16635 16636 e1aa00 16635->16636 16643 e1a908 16635->16643 16650 e11240 RtlEnterCriticalSection 16635->16650 16651 e11254 RtlLeaveCriticalSection 16635->16651 16637 e1a64c __Getctype 14 API calls 16636->16637 16638 e1aa09 16637->16638 16640 e1b00c ___std_exception_destroy 14 API calls 16638->16640 16641 e1aa12 16640->16641 16642 e1b7e6 std::locale::_Setgloballocale 6 API calls 16641->16642 16641->16643 16644 e1aa31 16642->16644 16647 e1a941 16643->16647 16652 e11240 RtlEnterCriticalSection 16644->16652 16653 e14283 RtlLeaveCriticalSection 16647->16653 16649 e0979c 16649->16617 16649->16618 16650->16635 16651->16635 16652->16643 16653->16649 16654->16632 16669 e0ce69 16655->16669 16657 e0d6ef 16663 e0d713 16657->16663 16676 e0e1c0 16657->16676 16658 e0d6a7 16658->16657 16659 e0d6bc 16658->16659 16668 e0d6d7 std::_Locinfo::_Locinfo_ctor 16658->16668 16660 e08bd3 ___std_exception_copy 41 API calls 16659->16660 16660->16668 16664 e0d737 16663->16664 16683 e0ce84 16663->16683 16665 e0d7bf 16664->16665 16690 e0ce12 16664->16690 16666 e0ce12 41 API calls 16665->16666 16666->16668 16668->15777 16670 e0ce81 16669->16670 16671 e0ce6e 16669->16671 16670->16658 16672 e116ef __floor_pentium4 14 API calls 16671->16672 16673 e0ce73 16672->16673 16674 e08c50 ___std_exception_copy 41 API calls 16673->16674 16675 e0ce7e 16674->16675 16675->16658 16677 e08a37 ___std_exception_copy 41 API calls 16676->16677 16678 e0e1d0 16677->16678 16696 e1a14c 16678->16696 16684 e0ce90 16683->16684 16687 e0cea6 16683->16687 16685 e1453e __Getctype 41 API calls 16684->16685 16688 e0ce9b std::_Locinfo::_Locinfo_ctor 16685->16688 16686 e0ceb6 16686->16663 
16687->16686 16840 e19a29 16687->16840 16688->16663 16691 e0ce23 16690->16691 16692 e0ce37 16690->16692 16691->16692 16693 e116ef __floor_pentium4 14 API calls 16691->16693 16692->16665 16694 e0ce2c 16693->16694 16695 e08c50 ___std_exception_copy 41 API calls 16694->16695 16695->16692 16697 e1a163 16696->16697 16698 e0e1ed 16696->16698 16697->16698 16699 e22380 __Getctype 41 API calls 16697->16699 16700 e1a1aa 16698->16700 16699->16698 16701 e1a1c1 16700->16701 16703 e0e1fa 16700->16703 16701->16703 16704 e206ab 16701->16704 16703->16663 16705 e19e32 __Getctype 41 API calls 16704->16705 16706 e206b0 16705->16706 16709 e205c3 16706->16709 16708 e206bb 16708->16703 16710 e205cf std::locale::_Setgloballocale 16709->16710 16716 e205e9 16710->16716 16724 e1423b RtlEnterCriticalSection 16710->16724 16712 e205f9 16720 e1b00c ___std_exception_destroy 14 API calls 16712->16720 16722 e20625 16712->16722 16713 e205f0 16713->16708 16715 e141b6 __Getctype 41 API calls 16717 e20662 16715->16717 16716->16713 16716->16715 16718 e2069e 16717->16718 16728 e19eed 16717->16728 16718->16708 16720->16722 16725 e20642 16722->16725 16724->16712 16776 e14283 RtlLeaveCriticalSection 16725->16776 16727 e20649 16727->16716 16729 e19ef8 16728->16729 16733 e19efe 16728->16733 16731 e1b64e __Getctype 6 API calls 16729->16731 16730 e1b68d __Getctype 6 API calls 16732 e19f18 16730->16732 16731->16733 16734 e19f04 16732->16734 16735 e1a64c __Getctype 14 API calls 16732->16735 16733->16730 16733->16734 16736 e141b6 __Getctype 41 API calls 16734->16736 16737 e19f09 16734->16737 16738 e19f28 16735->16738 16739 e19f82 16736->16739 16753 e2046e 16737->16753 16740 e19f30 16738->16740 16741 e19f45 16738->16741 16742 e1b68d __Getctype 6 API calls 16740->16742 16743 e1b68d __Getctype 6 API calls 16741->16743 16744 e19f3c 16742->16744 16745 e19f51 16743->16745 16750 e1b00c ___std_exception_destroy 14 API calls 16744->16750 16746 e19f55 16745->16746 16747 e19f64 16745->16747 16748 e1b68d __Getctype 6 API 
calls 16746->16748 16749 e19c60 __Getctype 14 API calls 16747->16749 16748->16744 16751 e19f6f 16749->16751 16750->16734 16752 e1b00c ___std_exception_destroy 14 API calls 16751->16752 16752->16737 16754 e205c3 std::_Locinfo::_Locinfo_ctor 51 API calls 16753->16754 16755 e20498 16754->16755 16777 e201f5 16755->16777 16758 e204b1 16758->16718 16761 e204ca 16763 e1b00c ___std_exception_destroy 14 API calls 16761->16763 16762 e204d8 16791 e206be 16762->16791 16763->16758 16766 e20510 16767 e116ef __floor_pentium4 14 API calls 16766->16767 16769 e20515 16767->16769 16768 e20557 16771 e205a0 16768->16771 16802 e200e7 16768->16802 16772 e1b00c ___std_exception_destroy 14 API calls 16769->16772 16770 e2052b std::_Locinfo::_Locinfo_ctor 16770->16768 16773 e1b00c ___std_exception_destroy 14 API calls 16770->16773 16775 e1b00c ___std_exception_destroy 14 API calls 16771->16775 16772->16758 16773->16768 16775->16758 16776->16727 16810 e0959e 16777->16810 16780 e20216 GetOEMCP 16782 e2023f 16780->16782 16781 e20228 16781->16782 16783 e2022d GetACP 16781->16783 16782->16758 16784 e1b086 16782->16784 16783->16782 16785 e1b0c4 16784->16785 16789 e1b094 __Getctype 16784->16789 16786 e116ef __floor_pentium4 14 API calls 16785->16786 16788 e1b0c2 16786->16788 16787 e1b0af RtlAllocateHeap 16787->16788 16787->16789 16788->16761 16788->16762 16789->16785 16789->16787 16790 e15a79 std::_Facet_Register 2 API calls 16789->16790 16790->16789 16792 e201f5 std::_Locinfo::_Locinfo_ctor 49 API calls 16791->16792 16793 e206de 16792->16793 16794 e20736 std::_Locinfo::_Locinfo_ctor std::locale::_Setgloballocale 16793->16794 16796 e2071b IsValidCodePage 16793->16796 16801 e207e3 std::_Locinfo::_Locinfo_ctor 16793->16801 16818 e202c9 16794->16818 16795 e03d67 _ValidateLocalCookies 5 API calls 16798 e20505 16795->16798 16797 e2072d 16796->16797 16796->16801 16797->16794 16799 e20756 GetCPInfo 16797->16799 16798->16766 16798->16770 16799->16794 16799->16801 16801->16795 16803 e200f3 
std::locale::_Setgloballocale 16802->16803 16829 e1423b RtlEnterCriticalSection 16803->16829 16805 e200fd 16830 e20134 16805->16830 16811 e095bc 16810->16811 16817 e095b5 16810->16817 16812 e19e32 __Getctype 41 API calls 16811->16812 16811->16817 16813 e095dd 16812->16813 16814 e1a11f __Getctype 41 API calls 16813->16814 16815 e095f3 16814->16815 16816 e1a17d std::_Locinfo::_Locinfo_ctor 51 API calls 16815->16816 16816->16817 16817->16780 16817->16781 16819 e202f1 GetCPInfo 16818->16819 16820 e203ba 16818->16820 16819->16820 16826 e20309 16819->16826 16821 e03d67 _ValidateLocalCookies 5 API calls 16820->16821 16824 e2046c 16821->16824 16822 e1f43b std::_Locinfo::_Locinfo_ctor 50 API calls 16823 e20371 16822->16823 16825 e1a898 std::_Locinfo::_Locinfo_ctor 50 API calls 16823->16825 16824->16801 16827 e20392 16825->16827 16826->16822 16828 e1a898 std::_Locinfo::_Locinfo_ctor 50 API calls 16827->16828 16828->16820 16829->16805 16831 e0cedb std::_Locinfo::_Locinfo_ctor 41 API calls 16830->16831 16832 e20156 16831->16832 16833 e0cedb std::_Locinfo::_Locinfo_ctor 41 API calls 16832->16833 16834 e20175 16833->16834 16835 e2010a 16834->16835 16836 e1b00c ___std_exception_destroy 14 API calls 16834->16836 16837 e20128 16835->16837 16836->16835 16838 e14283 std::_Lockit::~_Lockit RtlLeaveCriticalSection 16837->16838 16839 e20116 16838->16839 16839->16771 16841 e0959e std::_Locinfo::_Locinfo_ctor 51 API calls 16840->16841 16843 e19a46 16841->16843 16842 e19a56 16845 e03d67 _ValidateLocalCookies 5 API calls 16842->16845 16843->16842 16847 e1f43b 16843->16847 16846 e19af2 16845->16846 16846->16686 16848 e0959e std::_Locinfo::_Locinfo_ctor 50 API calls 16847->16848 16849 e1f45b 16848->16849 16862 e1b16c 16849->16862 16851 e1f488 16853 e1f50f 16851->16853 16854 e1b086 std::_Locinfo::_Locinfo_ctor 15 API calls 16851->16854 16857 e1f517 16851->16857 16858 e1f4ad std::_Locinfo::_Locinfo_ctor std::locale::_Setgloballocale 16851->16858 16852 e03d67 _ValidateLocalCookies 5 API calls 
16855 e1f53a 16852->16855 16865 e03265 16853->16865 16854->16858 16855->16842 16857->16852 16858->16853 16859 e1b16c std::_Locinfo::_Locinfo_ctor MultiByteToWideChar 16858->16859 16860 e1f4f6 16859->16860 16860->16853 16861 e1f4fd GetStringTypeW 16860->16861 16861->16853 16869 e1b0d4 16862->16869 16866 e03280 16865->16866 16867 e0326f 16865->16867 16866->16857 16867->16866 16868 e11c86 ___std_exception_destroy 14 API calls 16867->16868 16868->16866 16870 e1b0e5 MultiByteToWideChar 16869->16870 16870->16851 16872 deab55 16871->16872 16873 deaba3 16872->16873 16880 dee8a0 16872->16880 16875 deab83 16875->15788 16877 dd3459 16876->16877 16884 e10dc7 16877->16884 16881 dee8ce 16880->16881 16882 dee8f8 std::_Locinfo::_Locinfo_ctor 16880->16882 16883 dd32d0 std::_Throw_Cpp_error 43 API calls 16881->16883 16882->16875 16883->16882 16885 e10ddb ___std_exception_copy 16884->16885 16890 e0e555 16885->16890 16888 e0898c ___std_exception_copy 41 API calls 16889 dd3467 WriteProcessMemory WriteProcessMemory CreateRemoteThread WaitForSingleObject 16888->16889 16889->15792 16889->15793 16891 e0e581 16890->16891 16892 e0e5a4 16890->16892 16893 e08bd3 ___std_exception_copy 41 API calls 16891->16893 16892->16891 16896 e0e5ac 16892->16896 16894 e0e599 16893->16894 16895 e03d67 _ValidateLocalCookies 5 API calls 16894->16895 16897 e0e6c7 16895->16897 16901 e0fa97 16896->16901 16897->16888 16919 e10afd 16901->16919 16904 e0fabc 16905 e08bd3 ___std_exception_copy 41 API calls 16904->16905 16906 e0e62d 16905->16906 16916 e0f27d 16906->16916 16907 e0fae4 std::_Locinfo::_Locinfo_ctor 16907->16906 16910 e0e1c0 std::_Locinfo::_Locinfo_ctor 51 API calls 16907->16910 16912 e0fbc0 16907->16912 16923 e0f48b 16907->16923 16926 e0fec4 16907->16926 16960 e1035f 16907->16960 16910->16907 16913 e08bd3 ___std_exception_copy 41 API calls 16912->16913 16914 e0fbda 16913->16914 16915 e08bd3 ___std_exception_copy 41 API calls 16914->16915 16915->16906 16917 e1b00c ___std_exception_destroy 14 API calls 
16916->16917 16918 e0f28d 16917->16918 16918->16894 16920 e10b08 16919->16920 16922 e0fab1 16919->16922 16921 e08bd3 ___std_exception_copy 41 API calls 16920->16921 16921->16922 16922->16904 16922->16906 16922->16907 16989 e0e832 16923->16989 16925 e0f4c6 16925->16907 16927 e0fee2 16926->16927 16928 e0fecb 16926->16928 16929 e08bd3 ___std_exception_copy 41 API calls 16927->16929 16943 e0ff21 16927->16943 16930 e103e4 16928->16930 16931 e10384 16928->16931 16928->16943 16932 e0ff16 16929->16932 16935 e103e9 16930->16935 16936 e1041d 16930->16936 16933 e1040a 16931->16933 16934 e1038a 16931->16934 16932->16907 17024 e0ebec 16933->17024 16944 e1038f 16934->16944 16947 e103db 16934->16947 16937 e10416 16935->16937 16942 e103eb 16935->16942 16938 e1043a 16936->16938 16939 e10422 16936->16939 17031 e10a20 16937->17031 17035 e10a3d 16938->17035 16939->16933 16939->16947 16958 e103b5 16939->16958 16941 e1039e 16959 e10443 16941->16959 16999 e10775 16941->16999 16942->16941 16951 e103fa 16942->16951 16943->16907 16944->16941 16949 e103c8 16944->16949 16944->16958 16947->16959 17013 e0ed79 16947->17013 16949->16959 17009 e10906 16949->17009 16951->16933 16953 e103fe 16951->16953 16953->16959 17020 e1099b 16953->17020 16954 e03d67 _ValidateLocalCookies 5 API calls 16956 e106bc 16954->16956 16956->16907 16958->16959 17038 e1c5ac 16958->17038 16959->16954 16961 e103e4 16960->16961 16962 e10384 16960->16962 16963 e103e9 16961->16963 16964 e1041d 16961->16964 16965 e1038a 16962->16965 16966 e1040a 16962->16966 16967 e10416 16963->16967 16968 e103eb 16963->16968 16969 e10422 16964->16969 16970 e1043a 16964->16970 16975 e1038f 16965->16975 16976 e103db 16965->16976 16973 e0ebec 42 API calls 16966->16973 16974 e10a20 42 API calls 16967->16974 16971 e1039e 16968->16971 16979 e103fa 16968->16979 16969->16966 16969->16976 16987 e103b5 16969->16987 16972 e10a3d 42 API calls 16970->16972 16977 e10775 53 API calls 16971->16977 16988 e10443 16971->16988 16972->16987 16973->16987 
18148 defb5b std::locale::_Setgloballocale 18148->18112 18149->18112 18150->18148 18153 df9c70 18150->18153 18152 defb7f 18152->18112 18154 df9dc4 18153->18154 18159 df9ca2 18153->18159 18155 dd3330 43 API calls 18154->18155 18170 df9d04 std::_Locinfo::_Locinfo_ctor 18155->18170 18156 df9dbf 18157 dd2b50 Concurrency::cancel_current_task 43 API calls 18156->18157 18157->18154 18158 e08c60 std::_Throw_Cpp_error 41 API calls 18160 df9dce 18158->18160 18159->18156 18161 df9d1d 18159->18161 18162 df9cf3 18159->18162 18172 de9950 18160->18172 18166 e03662 std::_Facet_Register 43 API calls 18161->18166 18161->18170 18162->18156 18164 df9cfe 18162->18164 18165 e03662 std::_Facet_Register 43 API calls 18164->18165 18165->18170 18166->18170 18167 df9dd9 18168 e051eb Concurrency::cancel_current_task RaiseException 18167->18168 18169 df9de2 18168->18169 18170->18158 18171 df9d8f std::ios_base::_Ios_base_dtor 18170->18171 18171->18152 18173 de9978 std::ios_base::_Ios_base_dtor 18172->18173 18174 de9968 18172->18174 18173->18167 18174->18173 18175 e08c60 std::_Throw_Cpp_error 41 API calls 18174->18175 18176 de998d 18175->18176 18177 de9a4f 18176->18177 18184 e02b64 18176->18184 18177->18167 18183 de9a04 18183->18167 18185 e02ae7 18184->18185 18186 de99cc 18185->18186 18213 e09805 18185->18213 18186->18177 18192 de83b0 18186->18192 18191 e0d098 79 API calls 18191->18186 18193 de843c 18192->18193 18195 de8463 18192->18195 18265 e111fa 18193->18265 18196 dec430 18195->18196 18197 e02460 std::_Lockit::_Lockit 7 API calls 18196->18197 18198 dec45f 18197->18198 18199 e02460 std::_Lockit::_Lockit 7 API calls 18198->18199 18205 dec4a9 std::_Throw_Cpp_error 18198->18205 18200 dec481 18199->18200 18204 e024b8 std::_Lockit::~_Lockit 2 API calls 18200->18204 18201 dec4f8 18202 e024b8 std::_Lockit::~_Lockit 2 API calls 18201->18202 18203 dec5c9 18202->18203 18203->18183 18204->18205 18205->18201 18206 e03662 std::_Facet_Register 43 API calls 18205->18206 18207 dec506 18206->18207 18208 
dd4040 std::_Throw_Cpp_error 76 API calls 18207->18208 18209 dec536 18208->18209 18210 dd4100 std::_Throw_Cpp_error 74 API calls 18209->18210 18211 dec592 18210->18211 18212 e026e7 std::_Facet_Register 43 API calls 18211->18212 18212->18201 18215 e0974e std::locale::_Setgloballocale 18213->18215 18214 e09761 18216 e116ef __floor_pentium4 14 API calls 18214->18216 18215->18214 18217 e09781 18215->18217 18218 e09766 18216->18218 18219 e09793 18217->18219 18220 e09786 18217->18220 18221 e08c50 ___std_exception_copy 41 API calls 18218->18221 18223 e1a8e1 17 API calls 18219->18223 18222 e116ef __floor_pentium4 14 API calls 18220->18222 18224 e02b33 18221->18224 18222->18224 18225 e0979c 18223->18225 18224->18186 18230 e0d5e6 18224->18230 18226 e097b0 18225->18226 18227 e097a3 18225->18227 18229 e097ee RtlLeaveCriticalSection 18226->18229 18228 e116ef __floor_pentium4 14 API calls 18227->18228 18228->18224 18229->18224 18231 e0d5f9 ___std_exception_copy 18230->18231 18236 e0d33d 18231->18236 18234 e0898c ___std_exception_copy 41 API calls 18235 e02b4e 18234->18235 18235->18186 18235->18191 18237 e0d349 std::locale::_Setgloballocale 18236->18237 18238 e0d34f 18237->18238 18241 e0d392 18237->18241 18239 e08bd3 ___std_exception_copy 41 API calls 18238->18239 18240 e0d36a 18239->18240 18240->18234 18247 e11240 RtlEnterCriticalSection 18241->18247 18243 e0d39e 18248 e0d4c0 18243->18248 18245 e0d3b4 18257 e0d3dd 18245->18257 18247->18243 18249 e0d4d3 18248->18249 18250 e0d4e6 18248->18250 18249->18245 18260 e0d3e7 18250->18260 18252 e0d509 18253 e09a81 74 API calls 18252->18253 18256 e0d597 18252->18256 18254 e0d537 18253->18254 18255 e1262d 43 API calls 18254->18255 18255->18256 18256->18245 18264 e11254 RtlLeaveCriticalSection 18257->18264 18259 e0d3e5 18259->18240 18261 e0d450 18260->18261 18262 e0d3f8 18260->18262 18261->18252 18262->18261 18263 e125ed 43 API calls 18262->18263 18263->18261 18264->18259 18266 e11206 18265->18266 18270 e1121b 18265->18270 18267 e116ef 
__floor_pentium4 14 API calls 18266->18267 18268 e1120b 18267->18268 18269 e08c50 ___std_exception_copy 41 API calls 18268->18269 18271 e11216 18269->18271 18270->18195 18271->18195

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.3568906972.0000000000DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3568956128.0000000000F52000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3568956128.0000000000F62000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569345905.0000000000F6C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569345905.0000000000F71000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569345905.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.00000000010C1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000001108000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000001150000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000001461000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000001702000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddrFreeInfo$CleanupStartupclosesocketconnectgetaddrinfosocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 448659506-0
                                                                                                                                              • Opcode ID: 04d3eb5a70bdff0d86f99e1605d4f65c2d2724e770213997d73e5601e0ee996a
                                                                                                                                              • Instruction ID: 790201d22fe8292f76e31aace89e2308829877f0fd7852be0d36817a80c03083
                                                                                                                                              • Opcode Fuzzy Hash: 04d3eb5a70bdff0d86f99e1605d4f65c2d2724e770213997d73e5601e0ee996a
                                                                                                                                              • Instruction Fuzzy Hash: 1C31CF72504704AFDB219F64DC84A6BBBE5FB84738F10171DF8A5A22A0D3719C059B96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • setsockopt.WS2_32(000003DC,0000FFFF,00001006,?,00000008), ref: 00E94F56
                                                                                                                                              • recv.WS2_32(?,00000004,00000002), ref: 00E94F71
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 00E94F75
                                                                                                                                              • recv.WS2_32(00000000,0000000C,00000002,00000000), ref: 00E94FF3
                                                                                                                                              • recv.WS2_32(00000000,0000000C,00000008), ref: 00E95014
                                                                                                                                              • setsockopt.WS2_32(0000FFFF,00001006,?,00000008,?), ref: 00E950B0
                                                                                                                                              • recv.WS2_32(00000000,?,00000008), ref: 00E950CB
                                                                                                                                                • Part of subcall function 00E95940: WSAStartup.WS2_32 ref: 00E9596A
                                                                                                                                                • Part of subcall function 00E95940: getaddrinfo.WS2_32(?,?,?,00F56328), ref: 00E959EC
                                                                                                                                                • Part of subcall function 00E95940: socket.WS2_32(?,?,?), ref: 00E95A0D
                                                                                                                                                • Part of subcall function 00E95940: connect.WS2_32(00000000,00F26B31,?), ref: 00E95A21
                                                                                                                                                • Part of subcall function 00E95940: closesocket.WS2_32(00000000), ref: 00E95A2D
                                                                                                                                                • Part of subcall function 00E95940: FreeAddrInfoW.WS2_32(?), ref: 00E95A3A
                                                                                                                                                • Part of subcall function 00E95940: WSACleanup.WS2_32 ref: 00E95A40
                                                                                                                                              • recv.WS2_32(?,00000004,00000008), ref: 00E951D3
                                                                                                                                              • __Xtime_get_ticks.LIBCPMT ref: 00E951DA
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00E951E8
                                                                                                                                              • Sleep.KERNELBASE(00000001,00000000,?,00002710,00000000), ref: 00E95261
                                                                                                                                              • Sleep.KERNELBASE(00000064,?,00002710,00000000), ref: 00E95269
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: recv$Sleepsetsockopt$AddrCleanupErrorFreeInfoLastStartupUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@closesocketconnectgetaddrinfosocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3089209366-0
                                                                                                                                              • Opcode ID: 595a4536415b333da24af0aadfd35c36459cd3959689ed7d5a572cfdb5ed92e2
                                                                                                                                              • Instruction ID: 092c9a6989e61d6b3a8642379e5b537ac71f1744c58a58e5ae3b13b3f6191059
                                                                                                                                              • Opcode Fuzzy Hash: 595a4536415b333da24af0aadfd35c36459cd3959689ed7d5a572cfdb5ed92e2
                                                                                                                                              • Instruction Fuzzy Hash: EBB19971D00308DFEF15DFA8CC89BADBBB5AB45304F204219E554BB2E2D7B15984EB92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,00F1A4DC,00000000,74D723A0,-00F56880), ref: 00DD96A6
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00DD96B4
                                                                                                                                              • WSASend.WS2_32(?,?,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00F1A4DC,00000000,74D723A0,-00F56880), ref: 00DD96C9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProcSend
                                                                                                                                              • String ID: 4oST$4oST$Ws2_32.dll
                                                                                                                                              • API String ID: 2819740048-1839276265
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E18E8F: GetConsoleOutputCP.KERNEL32(8B6C80D3,00000000,00000000,?), ref: 00E18EF2
                                                                                                                                              • WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E198FE
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E19908
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2915228174-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,00E18CD6,00000000,?,00F47178,0000000C,00E18D92,?,?,?), ref: 00E18E45
                                                                                                                                              • GetLastError.KERNEL32(?,00E18CD6,00000000,?,00F47178,0000000C,00E18D92,?,?,?), ref: 00E18E4F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,?,?,?,?,?,00000000,?,?,?,00E12616,?,?,?,?,?), ref: 00E12548
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00E12616,?,?,?,?,?,00000000,?,00000000), ref: 00E12555
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLastError.KERNEL32(00000001,?,00E116F4,00E1B0C9,?,?,00E04B2F,?,?,74D723A0,?,?,00DD3522,?,?), ref: 00E19F89
                                                                                                                                              • SetLastError.KERNEL32(00000000), ref: 00E1A02B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 330 dd32d0-dd32e0 331 dd3306-dd3308 330->331 332 dd32e2-dd32e7 330->332 333 dd3318-dd331e 331->333 334 dd330a-dd3317 call e03662 331->334 335 dd331f call dd2b50 332->335 336 dd32e9-dd32ea call e03662 332->336 342 dd3324-dd3329 call e08c60 335->342 340 dd32ef-dd32f6 336->340 340->342 343 dd32f8-dd3305 340->343
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 00DD331F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                              • Opcode ID: 88e0f75f83d5f9e69285ef2088a1dfdc1055322beeb667a90db4e8c6ac7f301f
                                                                                                                                              • Instruction ID: 31c88ef42446d2aff9a3b61aa8ec8b97f0fd077c69212780101f63dd05e53c8d
                                                                                                                                              • Opcode Fuzzy Hash: 88e0f75f83d5f9e69285ef2088a1dfdc1055322beeb667a90db4e8c6ac7f301f
                                                                                                                                              • Instruction Fuzzy Hash: 65F0E9721001059BDB14AF74E5558E9B3ECEF243A1714097BE88DD7352EF26DA90C7E1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 346 e1a64c-e1a657 347 e1a665-e1a66b 346->347 348 e1a659-e1a663 346->348 350 e1a684-e1a695 RtlAllocateHeap 347->350 351 e1a66d-e1a66e 347->351 348->347 349 e1a699-e1a6a4 call e116ef 348->349 355 e1a6a6-e1a6a8 349->355 352 e1a670-e1a677 call e18270 350->352 353 e1a697 350->353 351->350 352->349 359 e1a679-e1a682 call e15a79 352->359 353->355 359->349 359->350
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000001), ref: 00E1A68D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: fed8497f3795c6d8788812c3c2e6fa3557d16e3eeb37034037b5f0640fccc068
                                                                                                                                              • Instruction ID: e4ca8f084810808da02d6293b771d6fd155ba2efe2ff1681bcbced3f05a3967c
                                                                                                                                              • Opcode Fuzzy Hash: fed8497f3795c6d8788812c3c2e6fa3557d16e3eeb37034037b5f0640fccc068
                                                                                                                                              • Instruction Fuzzy Hash: 97F0E9362026256F9B325B629C05BFA3788AF40770B1D6131E819FB1A0DA34DCC086E3
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 362 e1b086-e1b092 363 e1b0c4-e1b0cf call e116ef 362->363 364 e1b094-e1b096 362->364 372 e1b0d1-e1b0d3 363->372 366 e1b098-e1b099 364->366 367 e1b0af-e1b0c0 RtlAllocateHeap 364->367 366->367 368 e1b0c2 367->368 369 e1b09b-e1b0a2 call e18270 367->369 368->372 369->363 374 e1b0a4-e1b0ad call e15a79 369->374 374->363 374->367
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 00E1B0B8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: 593ac7099f11297d9fffcaaa6d0cc1af15366004e342c9b8014995ba3ada7a9c
                                                                                                                                              • Instruction ID: d73217b012ed478a2b7b3f8383422cf2a0b3fd75619ea950193958c4eb9811b3
                                                                                                                                              • Opcode Fuzzy Hash: 593ac7099f11297d9fffcaaa6d0cc1af15366004e342c9b8014995ba3ada7a9c
                                                                                                                                              • Instruction Fuzzy Hash: B6E03031101614EBE63127759C007DB3689AF453A4B552161EE25F70D1DB258CC091E1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 377 10ceb8c-10ceb97 378 10ceb99-10ceb9e 377->378 379 10ceba0-10ceba3 377->379 380 10cebaa-10cebbe VirtualAlloc 378->380 379->380 381 10ceba5 379->381 381->380
                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 010CEBB7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3569479670.00000000010C1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00F77000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                              • Opcode ID: 1be12d1caf83b60f0602fe2e5e7a4cb46ae84b49669a93ea9a5380673bec1593
                                                                                                                                              • Instruction ID: 05faf5022290838a29fa579b4634acf0f8f180dd3094486c5df1fd5517765371
                                                                                                                                              • Opcode Fuzzy Hash: 1be12d1caf83b60f0602fe2e5e7a4cb46ae84b49669a93ea9a5380673bec1593
                                                                                                                                              • Instruction Fuzzy Hash: BDE0EC753102089BDF50CE8CD884B6F37DDE788610F108425F54AD7205C234E8509B71
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 00E9C6A1
                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 00E9C6BD
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 00E9C6F2
                                                                                                                                              • VirtualAllocEx.KERNEL32(?,00000000,00001000,00003000,00000040), ref: 00E9C71B
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000000,?,00000218,00000000), ref: 00E9C8BF
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000218,00E9C990,-00000010,00000000), ref: 00E9C8E1
                                                                                                                                              • CreateRemoteThread.KERNEL32(?,00000000,00000000,00000218,00000000,00000000,00000000), ref: 00E9C8F4
                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00E9C8FD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MemoryProcessWrite$AllocVirtual$CreateObjectRemoteSingleThreadWait
                                                                                                                                              • String ID: %s|%s$131$4oST
                                                                                                                                              • API String ID: 2137838514-1634972829
                                                                                                                                              • Opcode ID: 319cc17d29ff77864d3d9e194ecb7ba7bbe907b3409a4354ac8121c4b0066479
                                                                                                                                              • Instruction ID: 7b9bd0432b5480b5b233e68e0be38864bbe36d1caab200eea64021d7029d7017
                                                                                                                                              • Opcode Fuzzy Hash: 319cc17d29ff77864d3d9e194ecb7ba7bbe907b3409a4354ac8121c4b0066479
                                                                                                                                              • Instruction Fuzzy Hash: 02B169B1D00208DFDB14CFA8CC85BAEBBB4FF48310F104259E919BB291D775AA45DBA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                              • Opcode ID: dc255d4e46883e158cca27689527d4976faa2d457a9b1f8ec5c8d79a519759b1
                                                                                                                                              • Instruction ID: 4fc8e64b272e1de574007604c9e573489fa8e4a8f924ce3a8872600feb38be0e
                                                                                                                                              • Opcode Fuzzy Hash: dc255d4e46883e158cca27689527d4976faa2d457a9b1f8ec5c8d79a519759b1
                                                                                                                                              • Instruction Fuzzy Hash: C7D229B2E086288FDB65CE28DD447EAB7B5EB44315F1461EAD40DF7280E774AE818F41
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,00E235F3,?,?), ref: 00E2337A
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,00E235F3,?,?), ref: 00E233A3
                                                                                                                                              • GetACP.KERNEL32(?,?,00E235F3,?,?), ref: 00E233B8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                              • Opcode ID: 64bd0c35ae3372d81e79fc8950b80491fb577345b9af38bf86bd9eaeee5bfab2
                                                                                                                                              • Instruction ID: e6b498b87a7ea56052f6c1c855d3e24667ffd90270ad66a90ec37d2018ec41fd
                                                                                                                                              • Opcode Fuzzy Hash: 64bd0c35ae3372d81e79fc8950b80491fb577345b9af38bf86bd9eaeee5bfab2
                                                                                                                                              • Instruction Fuzzy Hash: 8121B032600128EAD730CB39F901A9AB3A7BB40F58B569464E926EB100EF36DF41DB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 00E235C5
                                                                                                                                              • IsValidCodePage.KERNEL32(?), ref: 00E23603
                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 00E23616
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 00E2365E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 00E23679
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 415426439-0
                                                                                                                                              • Opcode ID: b6f153f7bad29192d02073851130d0dcb96f33c1113b76eacfe85a71616fed32
                                                                                                                                              • Instruction ID: 4156cc30fb0f1f3f59267dca838b714e36a673b68e248217fefafd8406d93920
                                                                                                                                              • Opcode Fuzzy Hash: b6f153f7bad29192d02073851130d0dcb96f33c1113b76eacfe85a71616fed32
                                                                                                                                              • Instruction Fuzzy Hash: A951AE71A00229ABDB10DFB5EC45ABAB3B9BF08704F141469E914F7190DB78DB449F61
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,00E172F0,?,?,?,?,?,-00000050,?,?,?), ref: 00E22C07
                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00E172F0,?,?,?,?,?,-00000050,?,?), ref: 00E22C3E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 00E22DA1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                              • String ID: utf8
                                                                                                                                              • API String ID: 607553120-905460609
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00E22FB9
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00E23003
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00E230C9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale$ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 661929714-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00E08B4C
                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00E08B56
                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 00E08B63
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindClose.KERNEL32(000000FF,?,00DED027,?,?,?,00DF4721), ref: 00E01F98
                                                                                                                                              • FindFirstFileExW.KERNEL32(000000FF,00000001,?,00000000,00000000,00000000,?,?,?,00DED027,?,?,?,00DF4721), ref: 00E01FC7
                                                                                                                                              • GetLastError.KERNEL32(?,00DED027,?,?,?,00DF4721), ref: 00E01FD9
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Find$CloseErrorFileFirstLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4020440971-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,00E03067,?,?,?,?,00E951DF), ref: 00E03645
                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?,8B6C80D3,00000000,?,00F1E6F2,000000FF,?,00E03067,?,?,?,?,00E951DF), ref: 00E03649
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Time$FileSystem$Precise
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 743729956-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3573322781.000000007EF70000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EF70000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_7ef70000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: cFX
                                                                                                                                              • API String ID: 0-2631176398
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00E1DA6F,?,?,?,?,?,?,00000000), ref: 00E1DCA1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00E2320C
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00E22F65,00000001,00000000,?,?,?,00E23599,?), ref: 00E22EB1
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00E23262,00000000,00000000,?), ref: 00E23413
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 00E22DA1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                              • String ID: utf8
                                                                                                                                              • API String ID: 3736152602-905460609
                                                                                                                                              • Opcode ID: f1af27ff63d49fbb55cecbe5f097636a1ba93c6eae724fbce1c6c6da808ae0b1
                                                                                                                                              • Instruction ID: 8f95c8e8012b6069512a1b801cd70c4c12d6466fe298137e402a84136be3030d
                                                                                                                                              • Opcode Fuzzy Hash: f1af27ff63d49fbb55cecbe5f097636a1ba93c6eae724fbce1c6c6da808ae0b1
                                                                                                                                              • Instruction Fuzzy Hash: CEF0A432640219ABC714AB74DC55EFA33E8DB45315F11117DB602E7282DA78AE459750
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00E231B8,00000001,?,?,?,?,00E23561,?,?,?,?), ref: 00E22F24
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                              • Opcode ID: 5ddffc9bbc9c666363d201cf583f19de937cdbf38c658a159021dfdae4d7b2da
                                                                                                                                              • Instruction ID: 731d038ee8cca96495f3236f923b8449a917da7f921718ae4dd5ef33ee6724cb
                                                                                                                                              • Opcode Fuzzy Hash: 5ddffc9bbc9c666363d201cf583f19de937cdbf38c658a159021dfdae4d7b2da
                                                                                                                                              • Instruction Fuzzy Hash: C0F0F6363003146FDB249F35EC81A7A7BE1FF80768F45842DFA466B680C6719C42DB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E1423B: RtlEnterCriticalSection.NTDLL(-00F55967), ref: 00E1424A
                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00E1B196,00000001,00F47298,0000000C,00E1B5CB,?,?,?,?), ref: 00E1B1DB
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1272433827-0
                                                                                                                                              • Opcode ID: 43042213a1e7093713fedcc611abff2e61ee63d409e76acd814d8f0ae53f2b62
                                                                                                                                              • Instruction ID: c5e4741cb0b8242ff10fb69b5cbb19bf81211fca0fdb595c1aa7bb8ace3e9f1f
                                                                                                                                              • Opcode Fuzzy Hash: 43042213a1e7093713fedcc611abff2e61ee63d409e76acd814d8f0ae53f2b62
                                                                                                                                              • Instruction Fuzzy Hash: 86F03CB6A04304EFD710DFA8E842B9D77F0EB08721F10915AF511A72E0CBB59A40DF40
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00E19E32: GetLastError.KERNEL32(00000000,?,00E1F819), ref: 00E19E36
                                                                                                                                                • Part of subcall function 00E19E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00E19ED8
                                                                                                                                              • EnumSystemLocalesW.KERNEL32(00E22D4D,00000001,?,?,?,00E235BB,?,?,?,?), ref: 00E22E2B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                              • Opcode ID: 8851bb467be6170576aae0b0781b0fb0b2452ad9b391ba3b3bd69ba746afa4b5
                                                                                                                                              • Instruction ID: 8f3846aaf00a343914d961778a5decfc0223b74b829aad7cbc92494b960b7e53
                                                                                                                                              • Opcode Fuzzy Hash: 8851bb467be6170576aae0b0781b0fb0b2452ad9b391ba3b3bd69ba746afa4b5
                                                                                                                                              • Instruction Fuzzy Hash: 7EF05536300208A7CB14AF35E84566ABF90EFC1714B07405CEB069B290C6719943DB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,?,?,?,?,00E17E66,?,20001004,?,00000002,?,?,00E17458), ref: 00E1B75A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                              • Opcode ID: db8438de162482c0ce41b9491562b856d4b73d91b44e9c940abb05ba87245e5e
                                                                                                                                              • Instruction ID: 2778e4d88e8131f814acf7e0ee98037350c0b1a453f4381306de0d7670dfec2a
                                                                                                                                              • Opcode Fuzzy Hash: db8438de162482c0ce41b9491562b856d4b73d91b44e9c940abb05ba87245e5e
                                                                                                                                              • Instruction Fuzzy Hash: BAE04F3150061CBBCF123F60DC08ADE3E6AEF85761F004111FD15791B0CB729D61AA95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 119a76eaf56a1b3b0f6a99f694ecaa4c4c6e659e641367f6b8bb49a398108aa4
                                                                                                                                              • Instruction ID: e5c88777f9ef8546e6cd7cc1f8cf985237f621c1653b994d969ff0c1c53a6aa7
                                                                                                                                              • Opcode Fuzzy Hash: 119a76eaf56a1b3b0f6a99f694ecaa4c4c6e659e641367f6b8bb49a398108aa4
                                                                                                                                              • Instruction Fuzzy Hash: A4623DB1E00215DBDB18CF59C684BAEBBB1AF89308F2491ADD8546B342C776D947CF90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: c2deecbe3ee60a011d5856fdee5848cba5150375c33bcb85bf53e5887f2a007a
                                                                                                                                              • Instruction ID: 5a610474a9aa9fa5ce77e2e1dd9125746c3bedec7eb153c7c74954e58f82a786
                                                                                                                                              • Opcode Fuzzy Hash: c2deecbe3ee60a011d5856fdee5848cba5150375c33bcb85bf53e5887f2a007a
                                                                                                                                              • Instruction Fuzzy Hash: 82E10376E1022A9FCB05CFA8D4816ADFBF1FF88314F1A8169D955B7340D670AD45CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3573322781.000000007EF70000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EF70000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_7ef70000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 64672be9002899b88d69f017a98ddee900fd1562fe9ab500d4cf41606b8ad88a
                                                                                                                                              • Instruction ID: 58bfee70e68fed7894076275a0937a627c22a606eef68dae2caf51ce750460fc
                                                                                                                                              • Opcode Fuzzy Hash: 64672be9002899b88d69f017a98ddee900fd1562fe9ab500d4cf41606b8ad88a
                                                                                                                                              • Instruction Fuzzy Hash: B6A1CCB3E40210ABF309991CDCA5BAB76ABDFC0328F95423EE94E67BC4E5B45D0046D1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 9b5ad033fe52656108c09b3030615d696873ff3ea0324bdcff6cb30501b8e3a5
                                                                                                                                              • Instruction ID: 91e8cb19ea7d03fe46257e7ef5cac1168050d9728170d83d4a1bf1c9b70feb7d
                                                                                                                                              • Opcode Fuzzy Hash: 9b5ad033fe52656108c09b3030615d696873ff3ea0324bdcff6cb30501b8e3a5
                                                                                                                                              • Instruction Fuzzy Hash: BDC1EB7090070A8FCB34CF68C4846FABBB2BF45318F146619D5A6BB691C7B0ADC5CB51
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                              • Opcode ID: f71c984573f32e108c37335478c0576313722ec08cb495d6c1ce5c8cf9173d5e
                                                                                                                                              • Instruction ID: 1adb214c8775166cc6bec8153025ed0c4991d1cf796508e66d41e60b3ac3e13f
                                                                                                                                              • Opcode Fuzzy Hash: f71c984573f32e108c37335478c0576313722ec08cb495d6c1ce5c8cf9173d5e
                                                                                                                                              • Instruction Fuzzy Hash: 70B10635500716ABDB3C9B24DC92BB7B3E8FF54308F14556EEB82E6580EA74E985CB10
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 37b060102fc4ec6d92760ee00998116279f17137bd25b96cfb86d11c9e22be16
                                                                                                                                              • Instruction ID: 2287989c8d172e339bbbc033e8f39e6715ab74b7d12e945bbd442e26aa638d70
                                                                                                                                              • Opcode Fuzzy Hash: 37b060102fc4ec6d92760ee00998116279f17137bd25b96cfb86d11c9e22be16
                                                                                                                                              • Instruction Fuzzy Hash: 1A8103B0D022668FDB108F58E9817BEFBF4EB19308F441169D955E7383CB349909D7A1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: e3fb824efe76ed0abf6610fe7a453b7b0c3e3d9498802f6daaa992099d6cbb3b
                                                                                                                                              • Instruction ID: 60d464f89adf0bbecc22858d758afc8676f4712ac8716e62369f510dce9d38e1
                                                                                                                                              • Opcode Fuzzy Hash: e3fb824efe76ed0abf6610fe7a453b7b0c3e3d9498802f6daaa992099d6cbb3b
                                                                                                                                              • Instruction Fuzzy Hash: 166162316205684FEB18CF5EFCD046A7F53A38A3213854229EA81DB295C635F926E7E4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 46680d0314554fd398ed7fd020ff60bee8df1d437ae882661bd78aeb1168d151
                                                                                                                                              • Instruction ID: c05b0ea42e37e86907ec5155685d12cd1dc5a9e2b36f996e0e61e6f4dbf4a53a
                                                                                                                                              • Opcode Fuzzy Hash: 46680d0314554fd398ed7fd020ff60bee8df1d437ae882661bd78aeb1168d151
                                                                                                                                              • Instruction Fuzzy Hash: 80517372E00219EFDF14CF94C941AEEBBB2FF88304F598469E555BB241D7749A80CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                              • Instruction ID: 03cd28124916ce49d0bc2455c57a178e1c409bf1094b6405f058645c5ac32d0a
                                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                              • Instruction Fuzzy Hash: 96112BF7A0E09143D614863DE8B46B7A795EBD532872C637AD0C16BBD8D122F9C5DA00
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3573322781.000000007EF70000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EF70000, based on PE: false
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_7ef70000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: 8f62f68f05798d32491e71e5a3bd33828f17dbbcbaf8b34fab85e42735d4f1cb
                                                                                                                                              • Instruction ID: eefc851bb99f223ad8551cc5dd88e7741580b9aef85611b8d58374e0b856f005
                                                                                                                                              • Opcode Fuzzy Hash: 8f62f68f05798d32491e71e5a3bd33828f17dbbcbaf8b34fab85e42735d4f1cb
                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlDecodePointer.NTDLL(?), ref: 00E279EC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DecodePointer
                                                                                                                                              • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                              • API String ID: 3527080286-3064271455
                                                                                                                                              • Opcode ID: b93726a2be3ff01c0fb60f65458d4dc06999a5791e2568adafc614469b099311
                                                                                                                                              • Instruction ID: d9d77e4168f2ddf84e621df2c1bf1402c424030991bfdc99bf254e6ae6f77caf
                                                                                                                                              • Opcode Fuzzy Hash: b93726a2be3ff01c0fb60f65458d4dc06999a5791e2568adafc614469b099311
                                                                                                                                              • Instruction Fuzzy Hash: EA519DB090862ECBDF109FA8F8481EDBFB1FB05318FA45184D8C1B7268CB718A65DB55
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00E072F7
                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00E072FF
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00E07388
                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00E073B3
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00E07408
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              • Associated: 00000000.00000002.3568906972.0000000000DD0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3568956128.0000000000F52000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3568956128.0000000000F62000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569345905.0000000000F6C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569345905.0000000000F71000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569345905.0000000000F74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000000F77000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.00000000010A7000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.00000000010C1000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000001108000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000001150000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000001461000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              • Associated: 00000000.00000002.3569479670.0000000001702000.00000040.00000001.01000000.00000003.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                              • String ID: csm$W
                                                                                                                                              • API String ID: 1170836740-1260979217
                                                                                                                                              • Opcode ID: 74f002a87f1135b3a203035cc65990d46ede489dc2036d2480d70402aafc9f47
                                                                                                                                              • Instruction ID: 86708a1833c010d2ad547076d6212520b1515ea043f1ee0334425177dd67bfe0
                                                                                                                                              • Opcode Fuzzy Hash: 74f002a87f1135b3a203035cc65990d46ede489dc2036d2480d70402aafc9f47
                                                                                                                                              • Instruction Fuzzy Hash: 1841D330E0420A9BCF10DF68C880A9EBBE5AF44318F149155EC98BB3D2D735ED85DB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _strrchr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                              • Opcode ID: 88e4da6258101c5fc24b34185784eb547dfa0330ad300027970d950eece25734
                                                                                                                                              • Instruction ID: 081c37b30590dbfd5e49715b8b132fc092fe69808636db90a962e33136134ace
                                                                                                                                              • Opcode Fuzzy Hash: 88e4da6258101c5fc24b34185784eb547dfa0330ad300027970d950eece25734
                                                                                                                                              • Instruction Fuzzy Hash: 45B15772A003659FDB258F24CC82BEEBBE5EF59314F146156E904BF282D774D981C7A0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00E1B47F,?,?,00000000,00000001,?,?,00E1B6A9,00000022,FlsSetValue,00F2EB88,00F2EB90,00000001), ref: 00E1B431
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                              • API String ID: 3664257935-537541572
                                                                                                                                              • Opcode ID: 85d1d725ae103e883a98013e0cf0a1551e5b43161257aad853a9772e915ae13f
                                                                                                                                              • Instruction ID: 4d90794b35bb7bc8ece5272dc9a2373e2ab798302156b58b7feca2c89d69cc60
                                                                                                                                              • Opcode Fuzzy Hash: 85d1d725ae103e883a98013e0cf0a1551e5b43161257aad853a9772e915ae13f
                                                                                                                                              • Instruction Fuzzy Hash: 1B213A32A01215ABCB31AB31DC42ADE3758DF41764F245124F925B7292EB70EE91D6D1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 149.18.24.96$4oST$4oST$4oST
                                                                                                                                              • API String ID: 0-608211275
                                                                                                                                              • Opcode ID: 5daa8fc147ac5d547e5c3810b9d40e86c838169e77019e4fe87d8fc7b2df95db
                                                                                                                                              • Instruction ID: 60034e9115593c28177583dda269ca179c9ae59dbc2b2acf6a7babec912d498c
                                                                                                                                              • Opcode Fuzzy Hash: 5daa8fc147ac5d547e5c3810b9d40e86c838169e77019e4fe87d8fc7b2df95db
                                                                                                                                              • Instruction Fuzzy Hash: A802FD70D04288DEDF15EFA8C9457DDBBB0EB14308F5441A9D809BB382D7B55E88DBA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00DEA09D
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00DEA0BF
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00DEA0E7
                                                                                                                                              • __Getctype.LIBCPMT ref: 00DEA1C5
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00DEA1F9
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00DEA223
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1102183713-0
                                                                                                                                              • Opcode ID: 6552424294086cef81c3e391750fb9cd1d124e24646f74e64c28fcdbaaee52ca
                                                                                                                                              • Instruction ID: 936b68f2c39b59bc4ef118f14fac8c03bc2cb77b98c0da20caf9e7310c0d6a27
                                                                                                                                              • Opcode Fuzzy Hash: 6552424294086cef81c3e391750fb9cd1d124e24646f74e64c28fcdbaaee52ca
                                                                                                                                              • Instruction Fuzzy Hash: EC51C8B0D0078ACBDB11DF58C9457AEBBF0BB10710F18825DE955AB381D774AA44DBE2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8B6C80D3,?,?,00000000,00F1E6D5,000000FF,?,00E135FF,?,?,00E135D3,00000016), ref: 00E13658
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00E1366A
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00F1E6D5,000000FF,?,00E135FF,?,?,00E135D3,00000016), ref: 00E1368C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00DEC45A
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00DEC47C
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00DEC4A4
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 00DEC59A
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00DEC5C4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 459529453-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00E02BCC
                                                                                                                                              • RtlAcquireSRWLockExclusive.NTDLL(00000008), ref: 00E02BEB
                                                                                                                                              • RtlAcquireSRWLockExclusive.NTDLL(00000008), ref: 00E02C19
                                                                                                                                              • RtlTryAcquireSRWLockExclusive.NTDLL(00000008), ref: 00E02C74
                                                                                                                                              • RtlTryAcquireSRWLockExclusive.NTDLL(00000008), ref: 00E02C8B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 66001078-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00DD499F
                                                                                                                                                • Part of subcall function 00E051EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00E01CF9,?,00F469D8,74D723A0,?,74D723A0,-00F56880), ref: 00E0524B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 1903096808-1866435925
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetConsoleOutputCP.KERNEL32(8B6C80D3,00000000,00000000,?), ref: 00E18EF2
                                                                                                                                                • Part of subcall function 00E1EC43: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00E1A854,?,00000000,-00000008), ref: 00E1ECA4
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00E19144
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00E1918A
                                                                                                                                              • GetLastError.KERNEL32 ref: 00E1922D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                              • Opcode ID: 286f3ad11170bda5cb600dbb27d8add07ecba8dd69dccdec4de6ec151e14b3f7
                                                                                                                                              • Instruction ID: 195644f50333f2686b196c0682c1abcd713c9d5cb9b4da8629bef1e4f85b0c15
                                                                                                                                              • Opcode Fuzzy Hash: 286f3ad11170bda5cb600dbb27d8add07ecba8dd69dccdec4de6ec151e14b3f7
                                                                                                                                              • Instruction Fuzzy Hash: EAD18D75E04248AFCF15CFA8D894AEDBBB5FF09314F24452AE519FB352D630A982CB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00E02720
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00E0272B
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00E02799
                                                                                                                                                • Part of subcall function 00E0287C: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00E02894
                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00E02746
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 677527491-0
                                                                                                                                              • Opcode ID: 2426054c8f62ac40357f5b4f12ab2c95bb18b003db6f1cf9e191c2b307e8142a
                                                                                                                                              • Instruction ID: a4b600b2839d38f9acc4f2d03828d0c2a37b65195a45bfcd800a7df0b03bf467
                                                                                                                                              • Opcode Fuzzy Hash: 2426054c8f62ac40357f5b4f12ab2c95bb18b003db6f1cf9e191c2b307e8142a
                                                                                                                                              • Instruction Fuzzy Hash: E901FC35A006158BCB0AEB30C84957D77F1FF80B80B08500DEA11633C1CF74AE82EB92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,00E23DBC,?,00000001,?,?,?,00E19281,?,00000000,00000000), ref: 00E26D39
                                                                                                                                              • GetLastError.KERNEL32(?,00E23DBC,?,00000001,?,?,?,00E19281,?,00000000,00000000,?,?,?,00E1985B,?), ref: 00E26D45
                                                                                                                                                • Part of subcall function 00E26D0B: CloseHandle.KERNEL32(FFFFFFFE,00E26D55,?,00E23DBC,?,00000001,?,?,?,00E19281,?,00000000,00000000,?,?), ref: 00E26D1B
                                                                                                                                              • ___initconout.LIBCMT ref: 00E26D55
                                                                                                                                                • Part of subcall function 00E26CCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00E26CFC,00E23DA9,?,?,00E19281,?,00000000,00000000,?), ref: 00E26CE0
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,?,00000000,?,00E23DBC,?,00000001,?,?,?,00E19281,?,00000000,00000000,?), ref: 00E26D6A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                              • Opcode ID: 73b75b8b1910239769745b5902f5312bc74f528f65a167ab6fbb7f4fcf56847c
                                                                                                                                              • Instruction ID: dd436c6b00829efc312b8fb92cb3afaaadb8fd5738f8825abeb1fe7d572287a6
                                                                                                                                              • Opcode Fuzzy Hash: 73b75b8b1910239769745b5902f5312bc74f528f65a167ab6fbb7f4fcf56847c
                                                                                                                                              • Instruction Fuzzy Hash: F0F0C03654016DBBCF232F95EC15A993F66FB497A1F055514FA1C95130D7328C20EB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00DD750C
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00DD7522
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: [json.exception.
                                                                                                                                              • API String ID: 4194217158-791563284
                                                                                                                                              • Opcode ID: 7c2686a8febe010584c46794779248bfc97e9ab179bb2abd5ee15dd94175c1bf
                                                                                                                                              • Instruction ID: e48670c362f94ec78088bc649e3c69c5ccd34aa9794880ba6a7e5c0334c5393d
                                                                                                                                              • Opcode Fuzzy Hash: 7c2686a8febe010584c46794779248bfc97e9ab179bb2abd5ee15dd94175c1bf
                                                                                                                                              • Instruction Fuzzy Hash: 7C51CFB0C046889FDB00DFA8C945B9EFBB4EF11314F144299E850A73C2E7B85A44DBE2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00DD499F
                                                                                                                                                • Part of subcall function 00E051EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00E01CF9,?,00F469D8,74D723A0,?,74D723A0,-00F56880), ref: 00E0524B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 1903096808-1240500531
                                                                                                                                              • Opcode ID: 8d2271974305dd7af14b9c266c3abbe591de1854fba7bfe4ca77d02cbac21b51
                                                                                                                                              • Instruction ID: 057f5db2caf2e7c4ac2c1508a9d89367d63459d915e084f7abf1f3106c0445c3
                                                                                                                                              • Opcode Fuzzy Hash: 8d2271974305dd7af14b9c266c3abbe591de1854fba7bfe4ca77d02cbac21b51
                                                                                                                                              • Instruction Fuzzy Hash: A44112B1904648ABCB04DF58CC46BAEBBF8EF05710F24825EF554A73C2D7759A40DBA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00DD4061
                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00DD40C4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000000.00000002.3568956128.0000000000DD1000.00000040.00000001.01000000.00000003.sdmp, Offset: 00DD0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_0_2_dd0000_SecuriteInfo.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                              • String ID: bad locale name
                                                                                                                                              • API String ID: 3988782225-1405518554
                                                                                                                                              • Opcode ID: 9d79c90b84f0127bdd43542d943594a53fd33364186783869dd342dc6a836cb8
                                                                                                                                              • Instruction ID: 566cabeb9b391ac986492b1a9f33faa37f644ace2e0d8950861afa7444c3685d
                                                                                                                                              • Opcode Fuzzy Hash: 9d79c90b84f0127bdd43542d943594a53fd33364186783869dd342dc6a836cb8
                                                                                                                                              • Instruction Fuzzy Hash: CA11BE70805B84EED321CF68C50874BBFF4AF15714F148A9DE49597B81D3B9AA04DBA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Execution Graph

                                                                                                                                              Execution Coverage:4.6%
                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                              Signature Coverage:0%
                                                                                                                                              Total number of Nodes:1913
                                                                                                                                              Total number of Limit Nodes:34
16426 974195 16425->16426 16427 974288 16425->16427 16428 9741b1 16426->16428 16430 974202 16426->16430 16431 9741f2 16426->16431 16429 953330 43 API calls 16427->16429 16433 983662 std::_Facet_Register 43 API calls 16428->16433 16432 97428d 16429->16432 16436 983662 std::_Facet_Register 43 API calls 16430->16436 16442 9741cf std::_Locinfo::_Locinfo_ctor std::locale::_Setgloballocale 16430->16442 16431->16428 16431->16432 16434 952b50 Concurrency::cancel_current_task 43 API calls 16432->16434 16437 9741c4 16433->16437 16435 974292 16434->16435 16438 988c60 std::_Throw_Cpp_error 41 API calls 16435->16438 16436->16442 16437->16435 16437->16442 16439 974297 16438->16439 16440 9742fa 16439->16440 16441 9743e9 16439->16441 16559 976ff0 16440->16559 16443 953330 43 API calls 16441->16443 16554 9777d0 16442->16554 16444 9743ee 16443->16444 16446 97445a 16444->16446 16447 974549 16444->16447 16451 976ff0 43 API calls 16446->16451 16449 953330 43 API calls 16447->16449 16459 97454e 16449->16459 16450 97425e 16450->15749 16454 974496 16451->16454 16452 97470b 16453 953330 43 API calls 16452->16453 16456 9746af 16453->16456 16458 9663b0 std::_Throw_Cpp_error 43 API calls 16454->16458 16455 974706 16460 952b50 Concurrency::cancel_current_task 43 API calls 16455->16460 16461 988c60 std::_Throw_Cpp_error 41 API calls 16456->16461 16485 9746d1 std::ios_base::_Ios_base_dtor 16456->16485 16457 974336 16567 977830 16457->16567 16472 9744c4 16458->16472 16459->16452 16459->16455 16462 974615 16459->16462 16463 9745ee 16459->16463 16460->16452 16464 974715 16461->16464 16469 983662 std::_Facet_Register 43 API calls 16462->16469 16476 9745ff 16462->16476 16463->16455 16465 9745f9 16463->16465 16582 96d010 16464->16582 16466 983662 std::_Facet_Register 43 API calls 16465->16466 16466->16476 16469->16476 16470 9743b0 16470->15749 16474 977830 41 API calls 16472->16474 16477 974510 16474->16477 16475 97472f 16478 9851eb std::_Throw_Cpp_error RaiseException 16475->16478 16476->16456 
16476->16485 16572 981f8c 16476->16572 16477->15749 16479 974738 16478->16479 16480 974798 16479->16480 16482 97477f 16479->16482 16483 97475b 16479->16483 16481 952b50 Concurrency::cancel_current_task 43 API calls 16480->16481 16486 974768 16481->16486 16484 974791 16482->16484 16488 983662 std::_Facet_Register 43 API calls 16482->16488 16483->16480 16487 974762 16483->16487 16484->15749 16485->15749 16490 988c60 std::_Throw_Cpp_error 41 API calls 16486->16490 16494 974771 16486->16494 16491 983662 std::_Facet_Register 43 API calls 16487->16491 16492 974789 16488->16492 16493 9747a2 16490->16493 16491->16486 16492->15749 16494->15749 16496 966174 16495->16496 16498 966143 std::_Locinfo::_Locinfo_ctor 16495->16498 16497 966200 16496->16497 16499 966180 16496->16499 16501 968f00 std::_Throw_Cpp_error 43 API calls 16497->16501 16498->15745 16500 9532d0 std::_Throw_Cpp_error 43 API calls 16499->16500 16503 9661bf std::_Locinfo::_Locinfo_ctor 16500->16503 16502 966232 16501->16502 16502->15745 16504 9661ed 16503->16504 16505 952fe0 std::_Throw_Cpp_error 41 API calls 16503->16505 16504->15745 16505->16504 16517 981cda 16506->16517 16510 966b02 16509->16510 16512 966b1d 16510->16512 16543 9650e0 16510->16543 16512->16409 16514 969bbb 16513->16514 16515 969b96 16513->16515 16514->16411 16515->16514 16551 9688a0 16515->16551 16530 981a8f 16517->16530 16520 9851eb std::_Throw_Cpp_error RaiseException 16521 981cf9 16520->16521 16533 981ae4 16521->16533 16524 9851eb std::_Throw_Cpp_error RaiseException 16525 981d19 16524->16525 16536 981b27 16525->16536 16528 9851eb std::_Throw_Cpp_error RaiseException 16529 981d39 16528->16529 16540 9534e0 16530->16540 16534 9534e0 std::regex_error::regex_error 42 API calls 16533->16534 16535 981af6 16534->16535 16535->16524 16537 981b3b std::regex_error::regex_error 16536->16537 16538 9534e0 std::regex_error::regex_error 42 API calls 16537->16538 16539 981b44 16538->16539 16539->16528 16541 984b05 ___std_exception_copy 42 API calls 
16540->16541 16542 953522 16541->16542 16542->16520 16544 965117 16543->16544 16545 9651b5 16543->16545 16546 966ad0 43 API calls 16544->16546 16545->16512 16547 965120 16546->16547 16548 96519d 16547->16548 16549 954900 std::_Throw_Cpp_error 43 API calls 16547->16549 16548->16545 16550 969b60 43 API calls 16548->16550 16549->16548 16550->16545 16552 954900 std::_Throw_Cpp_error 43 API calls 16551->16552 16553 9688bf 16552->16553 16553->16514 16555 9777dc 16554->16555 16556 9777f9 std::ios_base::_Ios_base_dtor 16554->16556 16555->16556 16557 988c60 std::_Throw_Cpp_error 41 API calls 16555->16557 16556->16450 16558 977824 16557->16558 16560 97703c 16559->16560 16561 976ff9 16559->16561 16560->16560 16561->16560 16562 977013 16561->16562 16564 983662 std::_Facet_Register 43 API calls 16561->16564 16563 97701c 16562->16563 16565 983662 std::_Facet_Register 43 API calls 16562->16565 16563->16457 16564->16562 16566 977035 16565->16566 16566->16457 16568 977882 std::ios_base::_Ios_base_dtor 16567->16568 16569 97783d 16567->16569 16568->16470 16569->16568 16570 988c60 std::_Throw_Cpp_error 41 API calls 16569->16570 16571 9778b6 16570->16571 16573 981fa2 16572->16573 16574 981f95 FindClose 16572->16574 16573->16476 16574->16573 16575 981fa6 16574->16575 16576 9941b6 __Getctype 41 API calls 16575->16576 16577 981fab 16576->16577 16578 981f8c 41 API calls 16577->16578 16579 981fba FindFirstFileExW 16578->16579 16580 981fd9 GetLastError 16579->16580 16581 981fd5 16579->16581 16580->16581 16581->16476 16583 96d02e 16582->16583 16584 96d01a 16582->16584 16586 969910 16583->16586 16584->16583 16585 981f8c 44 API calls 16584->16585 16585->16584 16587 969928 16586->16587 16588 969938 std::ios_base::_Ios_base_dtor 16586->16588 16587->16588 16589 988c60 std::_Throw_Cpp_error 41 API calls 16587->16589 16588->16475 16590 96994d 16589->16590 16594 98975a std::_Locinfo::_Locinfo_dtor 16591->16594 16592 989761 16593 9916ef __floor_pentium4 14 API calls 16592->16593 16596 989766 
16593->16596 16594->16592 16595 989781 16594->16595 16597 989793 16595->16597 16598 989786 16595->16598 16599 988c50 ___std_exception_copy 41 API calls 16596->16599 16608 99a8e1 16597->16608 16600 9916ef __floor_pentium4 14 API calls 16598->16600 16602 989771 16599->16602 16600->16602 16602->15408 16602->15782 16604 9897b0 16616 9897ee 16604->16616 16605 9897a3 16606 9916ef __floor_pentium4 14 API calls 16605->16606 16606->16602 16609 99a8ed std::_Locinfo::_Locinfo_dtor 16608->16609 16620 99423b RtlEnterCriticalSection 16609->16620 16611 99a8fb 16621 99a985 16611->16621 16617 9897f2 16616->16617 16641 991254 RtlLeaveCriticalSection 16617->16641 16619 989803 16619->16602 16620->16611 16622 99a9a8 16621->16622 16623 99aa00 16622->16623 16630 99a908 16622->16630 16637 991240 RtlEnterCriticalSection 16622->16637 16638 991254 RtlLeaveCriticalSection 16622->16638 16624 99a64c __Getctype 14 API calls 16623->16624 16625 99aa09 16624->16625 16627 99b00c ___std_exception_destroy 14 API calls 16625->16627 16628 99aa12 16627->16628 16629 99b7e6 std::locale::_Setgloballocale 6 API calls 16628->16629 16628->16630 16631 99aa31 16629->16631 16634 99a941 16630->16634 16639 991240 RtlEnterCriticalSection 16631->16639 16640 994283 RtlLeaveCriticalSection 16634->16640 16636 98979c 16636->16604 16636->16605 16637->16622 16638->16622 16639->16630 16640->16636 16641->16619 16656 98ce69 16642->16656 16644 98d6ef 16650 98d713 16644->16650 16663 98e1c0 16644->16663 16645 98d6bc 16647 988bd3 ___std_exception_copy 41 API calls 16645->16647 16646 98d6a7 16646->16644 16646->16645 16655 98d6d7 std::_Locinfo::_Locinfo_dtor 16646->16655 16647->16655 16652 98d737 16650->16652 16670 98ce84 16650->16670 16651 98d7bf 16653 98ce12 41 API calls 16651->16653 16652->16651 16677 98ce12 16652->16677 16653->16655 16655->15763 16657 98ce6e 16656->16657 16658 98ce81 16656->16658 16659 9916ef __floor_pentium4 14 API calls 16657->16659 16658->16646 16660 98ce73 16659->16660 16661 988c50 ___std_exception_copy 41 
API calls 16660->16661 16662 98ce7e 16661->16662 16662->16646 16664 988a37 ___std_exception_copy 41 API calls 16663->16664 16665 98e1d0 16664->16665 16683 99a14c 16665->16683 16671 98ce90 16670->16671 16672 98cea6 16670->16672 16673 99453e __Getctype 41 API calls 16671->16673 16674 98ceb6 16672->16674 16827 999a29 16672->16827 16675 98ce9b std::_Locinfo::_Locinfo_dtor 16673->16675 16674->16650 16675->16650 16678 98ce23 16677->16678 16679 98ce37 16677->16679 16678->16679 16680 9916ef __floor_pentium4 14 API calls 16678->16680 16679->16651 16681 98ce2c 16680->16681 16682 988c50 ___std_exception_copy 41 API calls 16681->16682 16682->16679 16684 98e1ed 16683->16684 16685 99a163 16683->16685 16687 99a1aa 16684->16687 16685->16684 16686 9a2380 __Getctype 41 API calls 16685->16686 16686->16684 16688 98e1fa 16687->16688 16689 99a1c1 16687->16689 16688->16650 16689->16688 16691 9a06ab 16689->16691 16692 999e32 __Getctype 41 API calls 16691->16692 16693 9a06b0 16692->16693 16696 9a05c3 16693->16696 16695 9a06bb 16695->16688 16697 9a05cf std::_Locinfo::_Locinfo_dtor 16696->16697 16699 9a05e9 16697->16699 16711 99423b RtlEnterCriticalSection 16697->16711 16700 9a05f0 16699->16700 16703 9941b6 __Getctype 41 API calls 16699->16703 16700->16695 16701 9a0625 16712 9a0642 16701->16712 16704 9a0662 16703->16704 16706 9a069e 16704->16706 16715 999eed 16704->16715 16705 9a05f9 16705->16701 16708 99b00c ___std_exception_destroy 14 API calls 16705->16708 16706->16695 16708->16701 16711->16705 16763 994283 RtlLeaveCriticalSection 16712->16763 16714 9a0649 16714->16699 16716 999ef8 16715->16716 16717 999efe 16715->16717 16718 99b64e __Getctype 6 API calls 16716->16718 16719 99b68d __Getctype 6 API calls 16717->16719 16737 999f04 16717->16737 16718->16717 16720 999f18 16719->16720 16722 99a64c __Getctype 14 API calls 16720->16722 16720->16737 16721 9941b6 __Getctype 41 API calls 16723 999f82 16721->16723 16725 999f28 16722->16725 16724 999f09 16740 9a046e 16724->16740 16726 999f30 
16725->16726 16727 999f45 16725->16727 16728 99b68d __Getctype 6 API calls 16726->16728 16729 99b68d __Getctype 6 API calls 16727->16729 16730 999f3c 16728->16730 16731 999f51 16729->16731 16734 99b00c ___std_exception_destroy 14 API calls 16730->16734 16732 999f55 16731->16732 16733 999f64 16731->16733 16735 99b68d __Getctype 6 API calls 16732->16735 16736 999c60 __Getctype 14 API calls 16733->16736 16734->16737 16735->16730 16738 999f6f 16736->16738 16737->16721 16737->16724 16739 99b00c ___std_exception_destroy 14 API calls 16738->16739 16739->16724 16741 9a05c3 std::_Locinfo::_Locinfo_dtor 51 API calls 16740->16741 16742 9a0498 16741->16742 16764 9a01f5 16742->16764 16747 9a04ca 16749 99b00c ___std_exception_destroy 14 API calls 16747->16749 16748 9a04d8 16778 9a06be 16748->16778 16751 9a04b1 16749->16751 16751->16706 16753 9a0510 16754 9916ef __floor_pentium4 14 API calls 16753->16754 16755 9a0515 16754->16755 16756 99b00c ___std_exception_destroy 14 API calls 16755->16756 16756->16751 16757 9a052b std::_Locinfo::_Locinfo_dtor 16759 99b00c ___std_exception_destroy 14 API calls 16757->16759 16761 9a0557 16757->16761 16758 99b00c ___std_exception_destroy 14 API calls 16758->16751 16759->16761 16762 9a05a0 16761->16762 16789 9a00e7 16761->16789 16762->16758 16763->16714 16797 98959e 16764->16797 16767 9a0228 16769 9a022d GetACP 16767->16769 16770 9a023f 16767->16770 16768 9a0216 GetOEMCP 16768->16770 16769->16770 16770->16751 16771 99b086 16770->16771 16772 99b0c4 16771->16772 16776 99b094 __Getctype 16771->16776 16773 9916ef __floor_pentium4 14 API calls 16772->16773 16775 99b0c2 16773->16775 16774 99b0af RtlAllocateHeap 16774->16775 16774->16776 16775->16747 16775->16748 16776->16772 16776->16774 16777 995a79 std::_Facet_Register 2 API calls 16776->16777 16777->16776 16779 9a01f5 std::_Locinfo::_Locinfo_dtor 49 API calls 16778->16779 16780 9a06de 16779->16780 16782 9a071b IsValidCodePage 16780->16782 16787 9a07e3 std::_Locinfo::_Locinfo_dtor 16780->16787 16788 
9a0736 std::_Locinfo::_Locinfo_dtor std::locale::_Setgloballocale 16780->16788 16781 983d67 _ValidateLocalCookies 5 API calls 16783 9a0505 16781->16783 16784 9a072d 16782->16784 16782->16787 16783->16753 16783->16757 16785 9a0756 GetCPInfo 16784->16785 16784->16788 16785->16787 16785->16788 16787->16781 16805 9a02c9 16788->16805 16790 9a00f3 std::_Locinfo::_Locinfo_dtor 16789->16790 16816 99423b RtlEnterCriticalSection 16790->16816 16792 9a00fd 16817 9a0134 16792->16817 16798 9895bc 16797->16798 16799 9895b5 16797->16799 16798->16799 16800 999e32 __Getctype 41 API calls 16798->16800 16799->16767 16799->16768 16801 9895dd 16800->16801 16802 99a11f __Getctype 41 API calls 16801->16802 16803 9895f3 16802->16803 16804 99a17d std::_Locinfo::_Locinfo_dtor 51 API calls 16803->16804 16804->16799 16806 9a02f1 GetCPInfo 16805->16806 16815 9a03ba 16805->16815 16812 9a0309 16806->16812 16806->16815 16807 99f43b std::_Locinfo::_Locinfo_dtor 50 API calls 16809 9a0371 16807->16809 16808 983d67 _ValidateLocalCookies 5 API calls 16810 9a046c 16808->16810 16811 99a898 std::_Locinfo::_Locinfo_dtor 50 API calls 16809->16811 16810->16787 16813 9a0392 16811->16813 16812->16807 16814 99a898 std::_Locinfo::_Locinfo_dtor 50 API calls 16813->16814 16814->16815 16815->16808 16816->16792 16818 98cedb std::_Locinfo::_Locinfo_dtor 41 API calls 16817->16818 16819 9a0156 16818->16819 16820 98cedb std::_Locinfo::_Locinfo_dtor 41 API calls 16819->16820 16821 9a0175 16820->16821 16822 9a010a 16821->16822 16823 99b00c ___std_exception_destroy 14 API calls 16821->16823 16824 9a0128 16822->16824 16823->16822 16825 994283 std::_Lockit::~_Lockit RtlLeaveCriticalSection 16824->16825 16826 9a0116 16825->16826 16826->16762 16828 98959e std::_Locinfo::_Locinfo_dtor 51 API calls 16827->16828 16830 999a46 16828->16830 16829 999a56 16832 983d67 _ValidateLocalCookies 5 API calls 16829->16832 16830->16829 16834 99f43b 16830->16834 16833 999af2 16832->16833 16833->16674 16835 98959e std::_Locinfo::_Locinfo_dtor 50 
API calls 16834->16835 16836 99f45b 16835->16836 16849 99b16c 16836->16849 16838 99f517 16841 983d67 _ValidateLocalCookies 5 API calls 16838->16841 16839 99f50f 16852 983265 16839->16852 16840 99f488 16840->16838 16840->16839 16843 99b086 std::_Locinfo::_Locinfo_dtor 15 API calls 16840->16843 16845 99f4ad std::_Locinfo::_Locinfo_dtor std::locale::_Setgloballocale 16840->16845 16844 99f53a 16841->16844 16843->16845 16844->16829 16845->16839 16846 99b16c std::_Locinfo::_Locinfo_dtor MultiByteToWideChar 16845->16846 16847 99f4f6 16846->16847 16847->16839 16848 99f4fd GetStringTypeW 16847->16848 16848->16839 16856 99b0d4 16849->16856 16853 98326f 16852->16853 16855 983280 16852->16855 16854 991c86 ___std_exception_destroy 14 API calls 16853->16854 16853->16855 16854->16855 16855->16838 16857 99b0e5 MultiByteToWideChar 16856->16857 16857->16840 16860 96ab55 16858->16860 16859 96aba3 16860->16859 16867 96e8a0 16860->16867 16862 96ab83 16862->15774 16864 953459 16863->16864 16871 990dc7 16864->16871 16868 96e8ce 16867->16868 16869 96e8f8 std::_Locinfo::_Locinfo_ctor 16867->16869 16870 9532d0 std::_Throw_Cpp_error 43 API calls 16868->16870 16869->16862 16870->16869 16872 990ddb ___std_exception_copy 16871->16872 16877 98e555 16872->16877 16875 98898c ___std_exception_copy 41 API calls 16876 953467 WriteProcessMemory WriteProcessMemory CreateRemoteThread WaitForSingleObject 16875->16876 16876->15778 16876->15779 16878 98e581 16877->16878 16879 98e5a4 16877->16879 16880 988bd3 ___std_exception_copy 41 API calls 16878->16880 16879->16878 16881 98e5ac 16879->16881 16887 98e599 16880->16887 16888 98fa97 16881->16888 16882 983d67 _ValidateLocalCookies 5 API calls 16883 98e6c7 16882->16883 16883->16875 16887->16882 16906 990afd 16888->16906 16891 98fabc 16892 988bd3 ___std_exception_copy 41 API calls 16891->16892 16894 98e62d 16892->16894 16893 98fae4 std::_Locinfo::_Locinfo_dtor 16893->16894 16897 98e1c0 std::_Locinfo::_Locinfo_dtor 51 API calls 16893->16897 16899 98fbc0 
16893->16899 16910 98f48b 16893->16910 16913 98fec4 16893->16913 16947 99035f 16893->16947 16903 98f27d 16894->16903 16897->16893 16900 988bd3 ___std_exception_copy 41 API calls 16899->16900 16901 98fbda 16900->16901 16902 988bd3 ___std_exception_copy 41 API calls 16901->16902 16902->16894 16904 99b00c ___std_exception_destroy 14 API calls 16903->16904 16905 98f28d 16904->16905 16905->16887 16907 990b08 16906->16907 16909 98fab1 16906->16909 16908 988bd3 ___std_exception_copy 41 API calls 16907->16908 16908->16909 16909->16891 16909->16893 16909->16894 16976 98e832 16910->16976 16912 98f4c6 16912->16893 16914 98fecb 16913->16914 16915 98fee2 16913->16915 16916 9903e4 16914->16916 16917 990384 16914->16917 16924 98ff21 16914->16924 16918 988bd3 ___std_exception_copy 41 API calls 16915->16918 16915->16924 16922 9903e9 16916->16922 16923 99041d 16916->16923 16919 99040a 16917->16919 16920 99038a 16917->16920 16921 98ff16 16918->16921 17011 98ebec 16919->17011 16934 99038f 16920->16934 16935 9903db 16920->16935 16921->16893 16925 9903eb 16922->16925 16926 990416 16922->16926 16927 99043a 16923->16927 16928 990422 16923->16928 16924->16893 16932 99039e 16925->16932 16936 9903fa 16925->16936 17018 990a20 16926->17018 17022 990a3d 16927->17022 16928->16919 16928->16935 16945 9903b5 16928->16945 16946 990443 16932->16946 16986 990775 16932->16986 16934->16932 16937 9903c8 16934->16937 16934->16945 16935->16946 17000 98ed79 16935->17000 16936->16919 16939 9903fe 16936->16939 16937->16946 16996 990906 16937->16996 16939->16946 17007 99099b 16939->17007 16941 983d67 _ValidateLocalCookies 5 API calls 16943 9906bc 16941->16943 16943->16893 16945->16946 17025 99c5ac 16945->17025 16946->16941 16948 9903e4 16947->16948 16949 990384 16947->16949 16952 9903e9 16948->16952 16953 99041d 16948->16953 16950 99040a 16949->16950 16951 99038a 16949->16951 16959 98ebec 42 API calls 16950->16959 16963 99038f 16951->16963 16964 9903db 16951->16964 16954 9903eb 16952->16954 16955 990416 
16952->16955 16956 99043a 16953->16956 16957 990422 16953->16957 16961 99039e 16954->16961 16966 9903fa 16954->16966 16960 990a20 42 API calls 16955->16960 16958 990a3d 42 API calls 16956->16958 16957->16950 16957->16964 16974 9903b5 16957->16974 16958->16974 16959->16974 16960->16974 16962 990775 53 API calls 16961->16962 16975 990443 16961->16975 16962->16974 16963->16961 16965 9903c8 16963->16965 16963->16974 16967 98ed79 42 API calls 16964->16967 16964->16975 16969 990906 52 API calls 16965->16969 16965->16975 16966->16950 16968 9903fe 16966->16968 16967->16974 16971 99099b 41 API calls 16968->16971 16968->16975 16969->16974 16970 983d67 _ValidateLocalCookies 5 API calls 16972 9906bc 16970->16972 16971->16974 16972->16893 16973 99c5ac 52 API calls 16973->16974 16974->16973 16974->16975 16975->16970 16977 98ce69 std::_Locinfo::_Locinfo_dtor 41 API calls 16976->16977 16979 98e844 16977->16979 16978 98e859 16980 988bd3 ___std_exception_copy 41 API calls 16978->16980 16979->16978 16981 98e88c 16979->16981 16985 98e874 std::_Locinfo::_Locinfo_dtor 16979->16985 16980->16985 16983 98ce12 41 API calls 16981->16983 16984 98e923 16981->16984 16982 98ce12 41 API calls 16982->16985 16983->16984 16984->16982 16985->16912 16987 99078f 16986->16987 17035 98e780 16987->17035 16989 9907ce 17046 99c42b 16989->17046 16992 990885 16994 98e1c0 std::_Locinfo::_Locinfo_dtor 51 API calls 16992->16994 16995 9908b8 16992->16995 16993 98e1c0 std::_Locinfo::_Locinfo_dtor 51 API calls 16993->16992 16994->16995 16995->16945 16995->16995 16998 990921 16996->16998 16997 990957 16997->16945 16998->16997 16999 99c5ac 52 API calls 16998->16999 16999->16997 17001 98ed8e 17000->17001 17002 98edb0 17001->17002 17004 98edd7 17001->17004 17003 988bd3 ___std_exception_copy 41 API calls 17002->17003 17006 98edcd 17003->17006 17005 98e780 15 API calls 17004->17005 17004->17006 17005->17006 17006->16945 17010 9909b1 17007->17010 17008 988bd3 ___std_exception_copy 41 API calls 17009 9909d2 17008->17009 
17009->16945 17010->17008 17010->17009 17012 98ec01 17011->17012 17013 98ec23 17012->17013 17015 98ec4a 17012->17015 17014 988bd3 ___std_exception_copy 41 API calls 17013->17014 17017 98ec40 17014->17017 17016 98e780 15 API calls 17015->17016 17015->17017 17016->17017 17017->16945 17019 990a2c 17018->17019 17110 98ea5f 17019->17110 17021 990a3c 17021->16945 17023 98ed79 42 API calls 17022->17023 17024 990a52 17023->17024 17024->16945 17027 99c5c1 17025->17027 17026 99c602 17029 99c5c5 std::_Locinfo::_Locinfo_dtor std::locale::_Setgloballocale 17026->17029 17034 99c5ee std::locale::_Setgloballocale 17026->17034 17117 99ec43 17026->17117 17027->17026 17028 98e1c0 std::_Locinfo::_Locinfo_dtor 51 API calls 17027->17028 17027->17029 17027->17034 17028->17026 17029->16945 17030 988bd3 ___std_exception_copy 41 API calls 17030->17029 17032 99c6bd 17032->17029 17033 99c6d3 GetLastError 17032->17033 17033->17029 17033->17034 17034->17029 17034->17030 17036 98e7a7 17035->17036 17043 98e795 17035->17043 17037 99b086 std::_Locinfo::_Locinfo_dtor 15 API calls 17036->17037 17036->17043 17038 98e7cb 17037->17038 17039 98e7de 17038->17039 17040 98e7d3 17038->17040 17065 98f297 17039->17065 17041 99b00c ___std_exception_destroy 14 API calls 17040->17041 17041->17043 17043->16989 17045 99b00c ___std_exception_destroy 14 API calls 17045->17043 17047 99c460 17046->17047 17048 99c43c 17046->17048 17047->17048 17050 99c493 17047->17050 17049 988bd3 ___std_exception_copy 41 API calls 17048->17049 17062 990861 17049->17062 17051 99c4fb 17050->17051 17052 99c4cc 17050->17052 17053 99c524 17051->17053 17054 99c529 17051->17054 17068 99c2cf 17052->17068 17056 99c58b 17053->17056 17057 99c551 17053->17057 17076 99bb58 17054->17076 17103 99be85 17056->17103 17059 99c571 17057->17059 17060 99c556 17057->17060 17096 99c07c 17059->17096 17086 99c200 17060->17086 17062->16992 17062->16993 17066 99b00c ___std_exception_destroy 14 API calls 17065->17066 17067 98e7e9 17066->17067 17067->17045 17069 
99c2e5 17068->17069 17070 99c2f0 17068->17070 17069->17062 17071 999995 ___std_exception_copy 41 API calls 17070->17071 17072 99c34b 17071->17072 17073 99c355 17072->17073 17074 988c7d __Getctype 11 API calls 17072->17074 17073->17062 17075 99c363 17074->17075 17077 99bb6b 17076->17077 17078 99bb7a 17077->17078 17079 99bb9c 17077->17079 17081 988bd3 ___std_exception_copy 41 API calls 17078->17081 17080 99bbb1 17079->17080 17083 99bc04 17079->17083 17082 99be85 53 API calls 17080->17082 17085 99bb92 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z std::locale::_Setgloballocale __allrem _strrchr 17081->17085 17082->17085 17084 98e1c0 std::_Locinfo::_Locinfo_dtor 51 API calls 17083->17084 17083->17085 17084->17085 17085->17062 17087 9a47ad 43 API calls 17086->17087 17088 99c230 17087->17088 17089 9a46b3 41 API calls 17088->17089 17090 99c26e 17089->17090 17091 99c275 17090->17091 17092 99c2ae 17090->17092 17094 99c287 17090->17094 17091->17062 17093 99bf29 51 API calls 17092->17093 17093->17091 17095 99c112 51 API calls 17094->17095 17095->17091 17097 9a47ad 43 API calls 17096->17097 17098 99c0ab 17097->17098 17099 9a46b3 41 API calls 17098->17099 17100 99c0ec 17099->17100 17101 99c0f3 17100->17101 17102 99c112 51 API calls 17100->17102 17101->17062 17102->17101 17104 9a47ad 43 API calls 17103->17104 17105 99beaf 17104->17105 17106 9a46b3 41 API calls 17105->17106 17107 99befd 17106->17107 17108 99bf04 17107->17108 17109 99bf29 51 API calls 17107->17109 17108->17062 17109->17108 17111 98ea74 17110->17111 17112 98ea96 17111->17112 17114 98eabd 17111->17114 17113 988bd3 ___std_exception_copy 41 API calls 17112->17113 17116 98eab3 17113->17116 17115 98e780 15 API calls 17114->17115 17114->17116 17115->17116 17116->17021 17118 99ec56 std::_Locinfo::_Locinfo_dtor 17117->17118 17119 99ec94 WideCharToMultiByte 17118->17119 17119->17032 17121 991408 17120->17121 17122 991430 17120->17122 17121->17122 17123 991415 17121->17123 17124 991437 17121->17124 17122->15785 17125 988bd3 
___std_exception_copy 41 API calls 17123->17125 17128 991353 17124->17128 17125->17122 17129 99135f std::_Locinfo::_Locinfo_dtor 17128->17129 17136 991240 RtlEnterCriticalSection 17129->17136 17131 99136d 17137 9913ae 17131->17137 17136->17131 17147 99c89c 17137->17147 17144 9913a2 17289 991254 RtlLeaveCriticalSection 17144->17289 17146 99138b 17146->15785 17167 99c85e 17147->17167 17149 99c8ad 17150 9913c6 17149->17150 17151 99b086 std::_Locinfo::_Locinfo_dtor 15 API calls 17149->17151 17154 991471 17150->17154 17152 99c906 17151->17152 17153 99b00c ___std_exception_destroy 14 API calls 17152->17153 17153->17150 17157 991483 17154->17157 17158 9913e4 17154->17158 17155 991491 17156 988bd3 ___std_exception_copy 41 API calls 17155->17156 17156->17158 17157->17155 17157->17158 17161 9914c7 std::_Locinfo::_Locinfo_ctor 17157->17161 17163 99c947 17158->17163 17160 99a1db 41 API calls 17160->17161 17161->17158 17161->17160 17183 989a81 17161->17183 17189 999668 17161->17189 17164 99137a 17163->17164 17165 99c952 17163->17165 17164->17144 17165->17164 17166 989a81 74 API calls 17165->17166 17166->17164 17168 99c86a 17167->17168 17169 99c894 17168->17169 17170 99a1db 41 API calls 17168->17170 17169->17149 17171 99c885 17170->17171 17174 9a3bd1 17171->17174 17173 99c88b 17173->17149 17175 9a3beb 17174->17175 17176 9a3bde 17174->17176 17179 9a3bf7 17175->17179 17180 9916ef __floor_pentium4 14 API calls 17175->17180 17177 9916ef __floor_pentium4 14 API calls 17176->17177 17178 9a3be3 17177->17178 17178->17173 17179->17173 17181 9a3c18 17180->17181 17182 988c50 ___std_exception_copy 41 API calls 17181->17182 17182->17178 17184 989a9a 17183->17184 17185 989ac1 17183->17185 17184->17185 17186 99a1db 41 API calls 17184->17186 17185->17161 17187 989ab6 17186->17187 17188 999668 74 API calls 17187->17188 17188->17185 17190 999674 std::_Locinfo::_Locinfo_dtor 17189->17190 17191 9996b5 17190->17191 17193 9996fb 17190->17193 17199 99967c 17190->17199 17192 988bd3 

Control-flow Graph

APIs
• setsockopt.WS2_32(000003C8,0000FFFF,00001006,?,00000008), ref: 00A14F56
• recv.WS2_32(?,00000004,00000002), ref: 00A14F71
• WSAGetLastError.WS2_32 ref: 00A14F75
• recv.WS2_32(00000000,0000000C,00000002,00000000), ref: 00A14FF3
• recv.WS2_32(00000000,0000000C,00000008), ref: 00A15014
• setsockopt.WS2_32(0000FFFF,00001006,?,00000008,?), ref: 00A150B0
• recv.WS2_32(00000000,?,00000008), ref: 00A150CB
  • Part of subcall function 00A15940: WSAStartup.WS2_32 ref: 00A1596A
  • Part of subcall function 00A15940: getaddrinfo.WS2_32(?,?,?,00AD6328), ref: 00A159EC
  • Part of subcall function 00A15940: socket.WS2_32(?,?,?), ref: 00A15A0D
  • Part of subcall function 00A15940: connect.WS2_32(00000000,00AA6B31,?), ref: 00A15A21
  • Part of subcall function 00A15940: closesocket.WS2_32(00000000), ref: 00A15A2D
  • Part of subcall function 00A15940: FreeAddrInfoW.WS2_32(?), ref: 00A15A3A
  • Part of subcall function 00A15940: WSACleanup.WS2_32 ref: 00A15A40
• recv.WS2_32(?,00000004,00000008), ref: 00A151D3
• __Xtime_get_ticks.LIBCPMT ref: 00A151DA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A151E8
• Sleep.KERNELBASE(00000001,00000000,?,00002710,00000000), ref: 00A15261
• Sleep.KERNELBASE(00000064,?,00002710,00000000), ref: 00A15269
Memory Dump Source
• Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
Similarity
• API ID: recv$Sleepsetsockopt$AddrCleanupErrorFreeInfoLastStartupUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@closesocketconnectgetaddrinfosocket
• String ID:
• API String ID: 3089209366-0
• Opcode ID: cb1d670877d2d2634ab2d82de760fbd0ba15ac7b9efda9953855bd41ac813bdd
• Instruction ID: 3bb2461b908193de92ff72af58803b1dcaf47e776540cfbb1b9ea2ff707b2389
• Opcode Fuzzy Hash: cb1d670877d2d2634ab2d82de760fbd0ba15ac7b9efda9953855bd41ac813bdd
• Instruction Fuzzy Hash: ACB18B71D00308DFEB15DFA8CC49BEDBBB5BB95300F24421AE455AB2D2D7B05985DB81
Uniqueness

Uniqueness Score: -1.00%
Control-flow Graph

• Executed
• Not Executed
APIs
Memory Dump Source
• Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddrFreeInfo$CleanupStartupclosesocketconnectgetaddrinfosocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 448659506-0
                                                                                                                                              • Opcode ID: c1f23428d9ca26f6003fd3121d9a0615f8aaeb1dd6fe9b90b5bafc33ed966536
                                                                                                                                              • Instruction ID: 72e59fa13e58c42bc80903afa412f0c6118dd9d8ac895212614c70705214e255
                                                                                                                                              • Opcode Fuzzy Hash: c1f23428d9ca26f6003fd3121d9a0615f8aaeb1dd6fe9b90b5bafc33ed966536
                                                                                                                                              • Instruction Fuzzy Hash: EB31CE76904700ABD720DF74DC88A6ABBE5BF85374F144719F8A9961E0D3309845CAA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,00A9A4DC,00000000,74D723A0,-00AD6880), ref: 009596A6
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 009596B4
                                                                                                                                              • WSASend.WS2_32(?,?,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00A9A4DC,00000000,74D723A0,-00AD6880), ref: 009596C9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProcSend
                                                                                                                                              • String ID: 4oST$4oST$Ws2_32.dll
                                                                                                                                              • API String ID: 2819740048-1839276265
                                                                                                                                              • Opcode ID: 01acfe58d7ddc1c516b517dfaf33705e77e0733efc61bdd9c40a6e6e34e40756
                                                                                                                                              • Instruction ID: 106a5617bc7ecef934a33f18632718286e4fdccfd3721531f987265eff650645
                                                                                                                                              • Opcode Fuzzy Hash: 01acfe58d7ddc1c516b517dfaf33705e77e0733efc61bdd9c40a6e6e34e40756
                                                                                                                                              • Instruction Fuzzy Hash: 8502EF70D04298DFDF25CFA4C8907ADBBB0FF55314F244289E8856B686D774198ACF92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00998E8F: GetConsoleOutputCP.KERNEL32(9A0D8E66,00000000,00000000,?), ref: 00998EF2
                                                                                                                                              • WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009998FE
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?), ref: 00999908
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2915228174-0
                                                                                                                                              • Opcode ID: 3c3ebaac4112aa3dc8c82613a53bfcb71e73b30bdc8a74f059ec8cadae7dfeb1
                                                                                                                                              • Instruction ID: 5172a3475b726c09966dcc9de5aa57059a5d15c523ce1b6aed31572088391e47
                                                                                                                                              • Opcode Fuzzy Hash: 3c3ebaac4112aa3dc8c82613a53bfcb71e73b30bdc8a74f059ec8cadae7dfeb1
                                                                                                                                              • Instruction Fuzzy Hash: 7A61B171C0411AAFDF11DFACC884AEEBBB9AF4A304F18054DE900A7256D736D941CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,00998CD6,00000000,?,00AC7178,0000000C,00998D92,?,?,?), ref: 00998E45
                                                                                                                                              • GetLastError.KERNEL32(?,00998CD6,00000000,?,00AC7178,0000000C,00998D92,?,?,?), ref: 00998E4F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                              • Opcode ID: f57da5201e89efa948f1803125ec02dae3a2772832bdbe7b061fb8820b4f7bf8
                                                                                                                                              • Instruction ID: 3ca758f95e4a304da1a5a78a98ec607a8051bc523ba9d302bbfb6622e39c7705
                                                                                                                                              • Opcode Fuzzy Hash: f57da5201e89efa948f1803125ec02dae3a2772832bdbe7b061fb8820b4f7bf8
                                                                                                                                              • Instruction Fuzzy Hash: 27110832A142105ADE26BAFCAC59B7F278D8BC3734F29065DF919972D2DF219C818191
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,?,?,?,?,?,00000000,?,?,?,00992616,?,?,?,?,?), ref: 00992548
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00992616,?,?,?,?,?,00000000,?,00000000), ref: 00992555
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                              • Opcode ID: 0abbb72c5aeefd9bbfdd6f6f42e87f21a16005abe0e8911c2e8a9a23e84dac45
                                                                                                                                              • Instruction ID: 0c70c042d466dcd76196c4adbcb829d3c92fefb935c53c8986530b0975581944
                                                                                                                                              • Opcode Fuzzy Hash: 0abbb72c5aeefd9bbfdd6f6f42e87f21a16005abe0e8911c2e8a9a23e84dac45
                                                                                                                                              • Instruction Fuzzy Hash: 3001C432610515BFCF09CF69DC159AE3B69EB85320B250208F8119B290E671ED52CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 298 9532d0-9532e0 299 953306-953308 298->299 300 9532e2-9532e7 298->300 301 953318-95331e 299->301 302 95330a-953317 call 983662 299->302 303 95331f call 952b50 300->303 304 9532e9-9532ea call 983662 300->304 309 953324-953329 call 988c60 303->309 310 9532ef-9532f6 304->310 310->309 311 9532f8-953305 310->311
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0095331F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                              • Opcode ID: 88e0f75f83d5f9e69285ef2088a1dfdc1055322beeb667a90db4e8c6ac7f301f
                                                                                                                                              • Instruction ID: 6fdb47c5ac49e54f347aea3f6d129290e52db4a6ef10108fb6f58720a3134ab4
                                                                                                                                              • Opcode Fuzzy Hash: 88e0f75f83d5f9e69285ef2088a1dfdc1055322beeb667a90db4e8c6ac7f301f
                                                                                                                                              • Instruction Fuzzy Hash: D5F0BB711001049BCB14BF65D4159E9B3ECDF543D2750857AEC8DC7212FB36DA548790
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 314 99a64c-99a657 315 99a659-99a663 314->315 316 99a665-99a66b 314->316 315->316 317 99a699-99a6a4 call 9916ef 315->317 318 99a66d-99a66e 316->318 319 99a684-99a695 RtlAllocateHeap 316->319 323 99a6a6-99a6a8 317->323 318->319 320 99a670-99a677 call 998270 319->320 321 99a697 319->321 320->317 327 99a679-99a682 call 995a79 320->327 321->323 327->317 327->319
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000001), ref: 0099A68D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: 3c9d2c3607db7cb1f3efa9b85f924e21c95b0eb4cf1bff84d269e929258fbedd
                                                                                                                                              • Instruction ID: 8f4b3fd6da07a9a65d030053f0d63573deae6003328e135aa6a4c7cef8a310b9
                                                                                                                                              • Opcode Fuzzy Hash: 3c9d2c3607db7cb1f3efa9b85f924e21c95b0eb4cf1bff84d269e929258fbedd
                                                                                                                                              • Instruction Fuzzy Hash: 30F089336116256BEF225B6FDC05B5B374DEF92770B1D8112E809DA1A0DB34DC0186E6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 330 99b086-99b092 331 99b0c4-99b0cf call 9916ef 330->331 332 99b094-99b096 330->332 339 99b0d1-99b0d3 331->339 334 99b098-99b099 332->334 335 99b0af-99b0c0 RtlAllocateHeap 332->335 334->335 337 99b09b-99b0a2 call 998270 335->337 338 99b0c2 335->338 337->331 342 99b0a4-99b0ad call 995a79 337->342 338->339 342->331 342->335
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 0099B0B8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: 8b05ab11a9257f0ffc88b8b685391e940728f0bbeb7de58aff77dfc3d50e973f
                                                                                                                                              • Instruction ID: bd6261fb7de39da447976367b093bd3688e7820e7bfc2c9f6c2d0231a173a8bc
                                                                                                                                              • Opcode Fuzzy Hash: 8b05ab11a9257f0ffc88b8b685391e940728f0bbeb7de58aff77dfc3d50e973f
                                                                                                                                              • Instruction Fuzzy Hash: C7E06D316016216BEE312BAEFE04B5F364DAF823A0F150125FD29E70D5DB2DDC0082E1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 00A1C6A1
                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 00A1C6BD
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 00A1C6F2
                                                                                                                                              • VirtualAllocEx.KERNEL32(?,00000000,00001000,00003000,00000040), ref: 00A1C71B
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000000,?,00000218,00000000), ref: 00A1C8BF
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000218,00A1C990,-00000010,00000000), ref: 00A1C8E1
                                                                                                                                              • CreateRemoteThread.KERNEL32(?,00000000,00000000,00000218,00000000,00000000,00000000), ref: 00A1C8F4
                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00A1C8FD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MemoryProcessWrite$AllocVirtual$CreateObjectRemoteSingleThreadWait
                                                                                                                                              • String ID: %s|%s$131$4oST
                                                                                                                                              • API String ID: 2137838514-1634972829
                                                                                                                                              • Opcode ID: 6b11d5fb82952678321389a7154d2c837a9af193c08aefa0415ab425549ecd96
                                                                                                                                              • Instruction ID: 9fc06e28fcefd7f3dab7efc937a8d73789dfc8d6010d4a3f176fb793bf33002c
                                                                                                                                              • Opcode Fuzzy Hash: 6b11d5fb82952678321389a7154d2c837a9af193c08aefa0415ab425549ecd96
                                                                                                                                              • Instruction Fuzzy Hash: DEB169B1D002089FDB14CFA4CC85BEEBBB1FF48310F104259E549AB291D775AA85CFA5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,009A35F3,?,?), ref: 009A337A
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,009A35F3,?,?), ref: 009A33A3
                                                                                                                                              • GetACP.KERNEL32(?,?,009A35F3,?,?), ref: 009A33B8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                              • Opcode ID: 8a72cdb63c62accd318503721ebe4564ed29f88a73129d630e20df655d3c72b4
                                                                                                                                              • Instruction ID: 7ed824a55a06018cdc24b6dfc1748fae4a84cb78f1d33b3e99038aec0305343e
                                                                                                                                              • Opcode Fuzzy Hash: 8a72cdb63c62accd318503721ebe4564ed29f88a73129d630e20df655d3c72b4
                                                                                                                                              • Instruction Fuzzy Hash: 8421A132608105AADF348F59D905B9B73AAAF52B50BD6C524F906DB150EF32DF41C3D0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00999E32: GetLastError.KERNEL32(00000000,?,0099F819), ref: 00999E36
                                                                                                                                                • Part of subcall function 00999E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00999ED8
                                                                                                                                              • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 009A35C5
                                                                                                                                              • IsValidCodePage.KERNEL32(?), ref: 009A3603
                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 009A3616
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 009A365E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 009A3679
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 415426439-0
                                                                                                                                              • Opcode ID: 05942d18241a67f2866d612c7272348ae445fdaad66960f5cc8b78f3711c31e2
                                                                                                                                              • Instruction ID: 46131206798311c67b51aa247079fbc17fe4f88a0dd2e578e8e6868e170b812c
                                                                                                                                              • Opcode Fuzzy Hash: 05942d18241a67f2866d612c7272348ae445fdaad66960f5cc8b78f3711c31e2
                                                                                                                                              • Instruction Fuzzy Hash: 8F514F71E00206AFDB10DFA9DC45BBA77B8EF4A700F148469B915EB191EB70DA44CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00999E32: GetLastError.KERNEL32(00000000,?,0099F819), ref: 00999E36
                                                                                                                                                • Part of subcall function 00999E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00999ED8
                                                                                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,009972F0,?,?,?,?,?,-00000050,?,?,?), ref: 009A2C07
                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,009972F0,?,?,?,?,?,-00000050,?,?), ref: 009A2C3E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 009A2DA1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                              • String ID: utf8
                                                                                                                                              • API String ID: 607553120-905460609
                                                                                                                                              • Opcode ID: 7102289a83dc41624b67b6dd821761cf539dec600520880eb3b5466469f6b5b7
                                                                                                                                              • Instruction ID: 7636616035ffa846e2d79823757621326088d1bc1fc548aa69116660d10f6999
                                                                                                                                              • Opcode Fuzzy Hash: 7102289a83dc41624b67b6dd821761cf539dec600520880eb3b5466469f6b5b7
                                                                                                                                              • Instruction Fuzzy Hash: 8F71E675600306AADB24AF7CCC46BBA73ACEF46710F14496AF945DB1C2EB74E94187E0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d832fe2a0f42001a57c9b2c34ab75cd1b9a187cae735d2738bff895b2773b599
                                                                                                                                              • Instruction ID: 1fef4ad94d06fa0401d1450b479c981d5eb3380a4d3a0c3779392ed6a9507fc6
                                                                                                                                              • Opcode Fuzzy Hash: d832fe2a0f42001a57c9b2c34ab75cd1b9a187cae735d2738bff895b2773b599
                                                                                                                                              • Instruction Fuzzy Hash: 6C022CB1E012199BDF14DFA9D8806AEFBF5FF48314F248269E919E7381D731A941CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlDecodePointer.NTDLL(?), ref: 009A79EC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DecodePointer
                                                                                                                                              • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                              • API String ID: 3527080286-3064271455
                                                                                                                                              • Opcode ID: b94d92d4c896a4e4556b8ace7e140cac47d94f04e344e1c231aff12f86413431
                                                                                                                                              • Instruction ID: 4471d6d2dea7e4cb852bd723ee08abc4c214f1c785bd92a2cedba18b6bc26b4d
                                                                                                                                              • Opcode Fuzzy Hash: b94d92d4c896a4e4556b8ace7e140cac47d94f04e344e1c231aff12f86413431
                                                                                                                                              • Instruction Fuzzy Hash: F5518CB090860ADBDF108FE8EC491ADFFB8FB47310F554585D481AB2A4C7788A25CBE5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _strrchr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                              • Opcode ID: 88e4da6258101c5fc24b34185784eb547dfa0330ad300027970d950eece25734
                                                                                                                                              • Instruction ID: aae61f5169a5cfa6498d5ca0ed361b3028dc3b30afa7475634b63310d1c618e3
                                                                                                                                              • Opcode Fuzzy Hash: 88e4da6258101c5fc24b34185784eb547dfa0330ad300027970d950eece25734
                                                                                                                                              • Instruction Fuzzy Hash: 33B14672E00355AFEF218F6CDD81BEE7BA9EF55310F144155E944AF282E7789901C7A0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 009872F7
                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 009872FF
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00987388
                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 009873B3
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00987408
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                              • String ID: csm
                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                              • Opcode ID: 39cabb8ec6165f5d07af30a71d1aa6268b6f6d84af06596429af6e0903cc7cfc
                                                                                                                                              • Instruction ID: cc53102c2690cefdcc35962878267be9f61d80053e88fb81900062deb119c5ef
                                                                                                                                              • Opcode Fuzzy Hash: 39cabb8ec6165f5d07af30a71d1aa6268b6f6d84af06596429af6e0903cc7cfc
                                                                                                                                              • Instruction Fuzzy Hash: 3F418534A042099BCF10EFA8D885B9EFBA9BF45314F248156EC199B392D731DD11DBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,0099B47F,?,?,00000000,00000001,?,?,0099B6A9,00000022,FlsSetValue,00AAEB88,00AAEB90,00000001), ref: 0099B431
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                              • API String ID: 3664257935-537541572
                                                                                                                                              • Opcode ID: 652d27e1a360d47d6f8fb8cd5f007da12f02ddc7f24210717e5dac826ddef111
                                                                                                                                              • Instruction ID: ead04eca14a1b0525a8e603895f2c23ac8389168c35df8748ce41b4687d0fafd
                                                                                                                                              • Opcode Fuzzy Hash: 652d27e1a360d47d6f8fb8cd5f007da12f02ddc7f24210717e5dac826ddef111
                                                                                                                                              • Instruction Fuzzy Hash: 5A21EB31E42211BBDF21DBB9FD41A6A375CDB52760F240525F906A72E1DB38ED01D6D0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 149.18.24.96$4oST$4oST$4oST
                                                                                                                                              • API String ID: 0-608211275
                                                                                                                                              • Opcode ID: 72457afa7c26ec47b159f54faeb8a7652c0817b4b7ff1c5aea5de678aa5beb6f
                                                                                                                                              • Instruction ID: 720757b163c08077dd704b51b34a15c862c2e17d16020640ceccb53f00cccb5d
                                                                                                                                              • Opcode Fuzzy Hash: 72457afa7c26ec47b159f54faeb8a7652c0817b4b7ff1c5aea5de678aa5beb6f
                                                                                                                                              • Instruction Fuzzy Hash: A1021170D05288DFDF14DFA8C9457DDBBB0AF94304F148199E8096B382DBB55E88DBA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0096A09D
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0096A0BF
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0096A0E7
                                                                                                                                              • __Getctype.LIBCPMT ref: 0096A1C5
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 0096A1F9
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0096A223
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1102183713-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,9A0D8E66,?,?,00000000,00A9E6D5,000000FF,?,009935FF,?,?,009935D3,00000016), ref: 00993658
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0099366A
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00A9E6D5,000000FF,?,009935FF,?,?,009935D3,00000016), ref: 0099368C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0096C45A
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0096C47C
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0096C4A4
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 0096C59A
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0096C5C4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 459529453-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00982BCC
                                                                                                                                              • RtlAcquireSRWLockExclusive.NTDLL(00000008), ref: 00982BEB
                                                                                                                                              • RtlAcquireSRWLockExclusive.NTDLL(00000008), ref: 00982C19
                                                                                                                                              • RtlTryAcquireSRWLockExclusive.NTDLL(00000008), ref: 00982C74
                                                                                                                                              • RtlTryAcquireSRWLockExclusive.NTDLL(00000008), ref: 00982C8B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 66001078-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0095499F
                                                                                                                                                • Part of subcall function 009851EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00981CF9,?,00AC69D8,74D723A0,?,74D723A0,-00AD6880), ref: 0098524B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 1903096808-1866435925
                                                                                                                                              • Opcode ID: 924b43bfe3c24dc6badbbbf0b5cf839305607749a22d59de463ef359cc4f8616
                                                                                                                                              • Instruction ID: d6f4ad2900c837b70bc534a04d8cdb0ec65de3be94fdb49f043da71aabf76fe1
                                                                                                                                              • Opcode Fuzzy Hash: 924b43bfe3c24dc6badbbbf0b5cf839305607749a22d59de463ef359cc4f8616
                                                                                                                                              • Instruction Fuzzy Hash: B61129B29086447BCB14EF59CC03BA7739CE745B15F044A2DFD58872C2EB35A948CB92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetConsoleOutputCP.KERNEL32(9A0D8E66,00000000,00000000,?), ref: 00998EF2
                                                                                                                                                • Part of subcall function 0099EC43: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0099A854,?,00000000,-00000008), ref: 0099ECA4
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00999144
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0099918A
                                                                                                                                              • GetLastError.KERNEL32 ref: 0099922D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                              • Opcode ID: 00cf357843401ef2f2d57df5cca85d8a3c27f5332b7a708be97d0aaaee37d836
                                                                                                                                              • Instruction ID: b2f356ddd96f2ef04fc17cce9528b4e226d7b511bd7c5b502e6dc0f210a6193c
                                                                                                                                              • Opcode Fuzzy Hash: 00cf357843401ef2f2d57df5cca85d8a3c27f5332b7a708be97d0aaaee37d836
                                                                                                                                              • Instruction Fuzzy Hash: 66D159B5D04249AFCF15CFECC884AADBBB9FF49310F14452EE46AEB251D630A942CB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00982720
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0098272B
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00982799
                                                                                                                                                • Part of subcall function 0098287C: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00982894
                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00982746
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 677527491-0
                                                                                                                                              • Opcode ID: f2291d3ecb07eb248fbf9aadf8a522ceeb54a17f64b8dd65543bbc47c74f85c3
                                                                                                                                              • Instruction ID: 73b688d71240df85976a9faa15028e6a04ea003940896eb7d7700e47d26265ac
                                                                                                                                              • Opcode Fuzzy Hash: f2291d3ecb07eb248fbf9aadf8a522ceeb54a17f64b8dd65543bbc47c74f85c3
                                                                                                                                              • Instruction Fuzzy Hash: 4501B835A006209BDB06FBB0C85167D7BA1BFC4B80B08400AE8021B3D2CF78AA02CBD1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,009A3DBC,?,00000001,?,?,?,00999281,?,00000000,00000000), ref: 009A6D39
                                                                                                                                              • GetLastError.KERNEL32(?,009A3DBC,?,00000001,?,?,?,00999281,?,00000000,00000000,?,?,?,0099985B,?), ref: 009A6D45
                                                                                                                                                • Part of subcall function 009A6D0B: CloseHandle.KERNEL32(FFFFFFFE,009A6D55,?,009A3DBC,?,00000001,?,?,?,00999281,?,00000000,00000000,?,?), ref: 009A6D1B
                                                                                                                                              • ___initconout.LIBCMT ref: 009A6D55
                                                                                                                                                • Part of subcall function 009A6CCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009A6CFC,009A3DA9,?,?,00999281,?,00000000,00000000,?), ref: 009A6CE0
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,?,00000000,?,009A3DBC,?,00000001,?,?,?,00999281,?,00000000,00000000,?), ref: 009A6D6A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                              • Opcode ID: 54bdf9336821a1ee3be4b4bd55afd733415c27f690ef8ff917c4066758cba124
                                                                                                                                              • Instruction ID: 9cd76d18850a98244533a8b622d50ee9c977900d523a9db5623e2fe4ede211b3
                                                                                                                                              • Opcode Fuzzy Hash: 54bdf9336821a1ee3be4b4bd55afd733415c27f690ef8ff917c4066758cba124
                                                                                                                                              • Instruction Fuzzy Hash: CDF01C36200115BBCF225FD1DC04A9A3F6AEB5A3A0F058011FA4D85160C7328C21DBD1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 0095750C
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00957522
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: [json.exception.
                                                                                                                                              • API String ID: 4194217158-791563284
                                                                                                                                              • Opcode ID: be0896ae3997880121d14dc42522d5cc334325d9dba94a4873b5eebf290082af
                                                                                                                                              • Instruction ID: 40cba5a73ce9c3beae9baa5987eeb87b3ea6873a8eb0889b0dd4515a65411744
                                                                                                                                              • Opcode Fuzzy Hash: be0896ae3997880121d14dc42522d5cc334325d9dba94a4873b5eebf290082af
                                                                                                                                              • Instruction Fuzzy Hash: 5251D2B1D04248AFDB00DFA8C90579EFBB4EF51314F144269E850A73C2E7B59A48CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0095499F
                                                                                                                                                • Part of subcall function 009851EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00981CF9,?,00AC69D8,74D723A0,?,74D723A0,-00AD6880), ref: 0098524B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 1903096808-1240500531
                                                                                                                                              • Opcode ID: ba8eabeba5546a6fdb279516ceb800aafb5869788af23b3b94afcf7dce2e742c
                                                                                                                                              • Instruction ID: 6abc25365b1247b4f06ba4c03de77988bb822f24498e3dc42348d473cce0a299
                                                                                                                                              • Opcode Fuzzy Hash: ba8eabeba5546a6fdb279516ceb800aafb5869788af23b3b94afcf7dce2e742c
                                                                                                                                              • Instruction Fuzzy Hash: 9E4114B1D04248ABCB04DF59CC46BAEBBF8EB45710F14821DF954A7381D7759A44CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00954061
                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 009540C4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000005.00000002.3566828903.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_5_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                              • String ID: bad locale name
                                                                                                                                              • API String ID: 3988782225-1405518554
                                                                                                                                              • Opcode ID: 9bd739009a4ed28e1469816856044356854c2143caf7c8076078642ac51b258d
                                                                                                                                              • Instruction ID: 2c28fe2e4c81266ec7048f848bd458b224d7ea4f504d27445c2fb45fb7c35a15
                                                                                                                                              • Opcode Fuzzy Hash: 9bd739009a4ed28e1469816856044356854c2143caf7c8076078642ac51b258d
                                                                                                                                              • Instruction Fuzzy Hash: C1110370805B84EED721CF68C50474BBFF4AF15714F108A9DD08587B82D3B59A08C7A1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • setsockopt.WS2_32(000003AC,0000FFFF,00001006,?,00000008), ref: 00A14F56
                                                                                                                                              • recv.WS2_32(?,00000004,00000002), ref: 00A14F71
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 00A14F75
                                                                                                                                              • recv.WS2_32(00000000,0000000C,00000002,00000000), ref: 00A14FF3
                                                                                                                                              • recv.WS2_32(00000000,0000000C,00000008), ref: 00A15014
                                                                                                                                              • setsockopt.WS2_32(0000FFFF,00001006,?,00000008,?), ref: 00A150B0
                                                                                                                                              • recv.WS2_32(00000000,?,00000008), ref: 00A150CB
                                                                                                                                                • Part of subcall function 00A15940: WSAStartup.WS2_32 ref: 00A1596A
                                                                                                                                                • Part of subcall function 00A15940: getaddrinfo.WS2_32(?,?,?,00AD6328), ref: 00A159EC
                                                                                                                                                • Part of subcall function 00A15940: socket.WS2_32(?,?,?), ref: 00A15A0D
                                                                                                                                                • Part of subcall function 00A15940: connect.WS2_32(00000000,00AA6B31,?), ref: 00A15A21
                                                                                                                                                • Part of subcall function 00A15940: closesocket.WS2_32(00000000), ref: 00A15A2D
                                                                                                                                                • Part of subcall function 00A15940: FreeAddrInfoW.WS2_32(?), ref: 00A15A3A
                                                                                                                                                • Part of subcall function 00A15940: WSACleanup.WS2_32 ref: 00A15A40
                                                                                                                                              • recv.WS2_32(?,00000004,00000008), ref: 00A151D3
                                                                                                                                              • __Xtime_get_ticks.LIBCPMT ref: 00A151DA
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A151E8
                                                                                                                                              • Sleep.KERNELBASE(00000001,00000000,?,00002710,00000000), ref: 00A15261
                                                                                                                                              • Sleep.KERNELBASE(00000064,?,00002710,00000000), ref: 00A15269
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: recv$Sleepsetsockopt$AddrCleanupErrorFreeInfoLastStartupUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@closesocketconnectgetaddrinfosocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3089209366-0
                                                                                                                                              • Opcode ID: cb1d670877d2d2634ab2d82de760fbd0ba15ac7b9efda9953855bd41ac813bdd
                                                                                                                                              • Instruction ID: 3bb2461b908193de92ff72af58803b1dcaf47e776540cfbb1b9ea2ff707b2389
                                                                                                                                              • Opcode Fuzzy Hash: cb1d670877d2d2634ab2d82de760fbd0ba15ac7b9efda9953855bd41ac813bdd
                                                                                                                                              • Instruction Fuzzy Hash: ACB18B71D00308DFEB15DFA8CC49BEDBBB5BB95300F24421AE455AB2D2D7B05985DB81
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              [Control-flow graph, nodes 56-74, starting at a15940: WSAStartup, getaddrinfo, socket, connect, closesocket, FreeAddrInfoW, WSACleanup]
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddrFreeInfo$CleanupStartupclosesocketconnectgetaddrinfosocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 448659506-0
                                                                                                                                              • Opcode ID: c1f23428d9ca26f6003fd3121d9a0615f8aaeb1dd6fe9b90b5bafc33ed966536
                                                                                                                                              • Instruction ID: 72e59fa13e58c42bc80903afa412f0c6118dd9d8ac895212614c70705214e255
                                                                                                                                              • Opcode Fuzzy Hash: c1f23428d9ca26f6003fd3121d9a0615f8aaeb1dd6fe9b90b5bafc33ed966536
                                                                                                                                              • Instruction Fuzzy Hash: EB31CE76904700ABD720DF74DC88A6ABBE5BF85374F144719F8A9961E0D3309845CAA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              [Control-flow graph, nodes 75-139, starting at 959280: GetModuleHandleA, GetProcAddress, WSASend]
                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,00A9A4DC,00000000,74D723A0,-00AD6880), ref: 009596A6
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 009596B4
                                                                                                                                              • WSASend.WS2_32(?,?,00000001,00000000,00000000,00000000,00000000,?,?,?,?,00A9A4DC,00000000,74D723A0,-00AD6880), ref: 009596C9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProcSend
                                                                                                                                              • String ID: 4oST$4oST$Ws2_32.dll
                                                                                                                                              • API String ID: 2819740048-1839276265
                                                                                                                                              • Opcode ID: 01acfe58d7ddc1c516b517dfaf33705e77e0733efc61bdd9c40a6e6e34e40756
                                                                                                                                              • Instruction ID: 106a5617bc7ecef934a33f18632718286e4fdccfd3721531f987265eff650645
                                                                                                                                              • Opcode Fuzzy Hash: 01acfe58d7ddc1c516b517dfaf33705e77e0733efc61bdd9c40a6e6e34e40756
                                                                                                                                              • Instruction Fuzzy Hash: 8502EF70D04298DFDF25CFA4C8907ADBBB0FF55314F244289E8856B686D774198ACF92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00998E8F: GetConsoleOutputCP.KERNEL32(9B16A19C,00000000,00000000,?), ref: 00998EF2
                                                                                                                                              • WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 009998FE
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?), ref: 00999908
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2915228174-0
                                                                                                                                              • Opcode ID: 3c3ebaac4112aa3dc8c82613a53bfcb71e73b30bdc8a74f059ec8cadae7dfeb1
                                                                                                                                              • Instruction ID: 5172a3475b726c09966dcc9de5aa57059a5d15c523ce1b6aed31572088391e47
                                                                                                                                              • Opcode Fuzzy Hash: 3c3ebaac4112aa3dc8c82613a53bfcb71e73b30bdc8a74f059ec8cadae7dfeb1
                                                                                                                                              • Instruction Fuzzy Hash: 7A61B171C0411AAFDF11DFACC884AEEBBB9AF4A304F18054DE900A7256D736D941CBA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000,00000000,?,?,00998CD6,00000000,?,00AC7178,0000000C,00998D92,?,?,?), ref: 00998E45
                                                                                                                                              • GetLastError.KERNEL32(?,00998CD6,00000000,?,00AC7178,0000000C,00998D92,?,?,?), ref: 00998E4F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                              • Opcode ID: f57da5201e89efa948f1803125ec02dae3a2772832bdbe7b061fb8820b4f7bf8
                                                                                                                                              • Instruction ID: 3ca758f95e4a304da1a5a78a98ec607a8051bc523ba9d302bbfb6622e39c7705
                                                                                                                                              • Opcode Fuzzy Hash: f57da5201e89efa948f1803125ec02dae3a2772832bdbe7b061fb8820b4f7bf8
                                                                                                                                              • Instruction Fuzzy Hash: 27110832A142105ADE26BAFCAC59B7F278D8BC3734F29065DF919972D2DF219C818191
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • SetFilePointerEx.KERNELBASE(00000000,?,?,?,?,?,00000000,?,?,?,00992616,?,?,?,?,?), ref: 00992548
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00992616,?,?,?,?,?,00000000,?,00000000), ref: 00992555
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                              • Opcode ID: 0abbb72c5aeefd9bbfdd6f6f42e87f21a16005abe0e8911c2e8a9a23e84dac45
                                                                                                                                              • Instruction ID: 0c70c042d466dcd76196c4adbcb829d3c92fefb935c53c8986530b0975581944
                                                                                                                                              • Opcode Fuzzy Hash: 0abbb72c5aeefd9bbfdd6f6f42e87f21a16005abe0e8911c2e8a9a23e84dac45
                                                                                                                                              • Instruction Fuzzy Hash: 3001C432610515BFCF09CF69DC159AE3B69EB85320B250208F8119B290E671ED52CB91
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 0095331F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 314 99a64c-99a657 315 99a659-99a663 314->315 316 99a665-99a66b 314->316 315->316 317 99a699-99a6a4 call 9916ef 315->317 318 99a66d-99a66e 316->318 319 99a684-99a695 RtlAllocateHeap 316->319 324 99a6a6-99a6a8 317->324 318->319 320 99a670-99a677 call 998270 319->320 321 99a697 319->321 320->317 327 99a679-99a682 call 995a79 320->327 321->324 327->317 327->319
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000001), ref: 0099A68D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 330 99b086-99b092 331 99b0c4-99b0cf call 9916ef 330->331 332 99b094-99b096 330->332 339 99b0d1-99b0d3 331->339 334 99b098-99b099 332->334 335 99b0af-99b0c0 RtlAllocateHeap 332->335 334->335 337 99b09b-99b0a2 call 998270 335->337 338 99b0c2 335->338 337->331 342 99b0a4-99b0ad call 995a79 337->342 338->339 342->331 342->335
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 0099B0B8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 00A1C6A1
                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 00A1C6BD
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 00A1C6F2
                                                                                                                                              • VirtualAllocEx.KERNEL32(?,00000000,00001000,00003000,00000040), ref: 00A1C71B
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000000,?,00000218,00000000), ref: 00A1C8BF
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000218,00A1C990,-00000010,00000000), ref: 00A1C8E1
                                                                                                                                              • CreateRemoteThread.KERNEL32(?,00000000,00000000,00000218,00000000,00000000,00000000), ref: 00A1C8F4
                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00A1C8FD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MemoryProcessWrite$AllocVirtual$CreateObjectRemoteSingleThreadWait
                                                                                                                                              • String ID: %s|%s$131$4oST
                                                                                                                                              • API String ID: 2137838514-1634972829
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,009A35F3,?,?), ref: 009A337A
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,009A35F3,?,?), ref: 009A33A3
                                                                                                                                              • GetACP.KERNEL32(?,?,009A35F3,?,?), ref: 009A33B8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                              • Opcode ID: 8a72cdb63c62accd318503721ebe4564ed29f88a73129d630e20df655d3c72b4
                                                                                                                                              • Instruction ID: 7ed824a55a06018cdc24b6dfc1748fae4a84cb78f1d33b3e99038aec0305343e
                                                                                                                                              • Opcode Fuzzy Hash: 8a72cdb63c62accd318503721ebe4564ed29f88a73129d630e20df655d3c72b4
                                                                                                                                              • Instruction Fuzzy Hash: 8421A132608105AADF348F59D905B9B73AAAF52B50BD6C524F906DB150EF32DF41C3D0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00999E32: GetLastError.KERNEL32(00000000,?,0099F819), ref: 00999E36
                                                                                                                                                • Part of subcall function 00999E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00999ED8
                                                                                                                                              • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 009A35C5
                                                                                                                                              • IsValidCodePage.KERNEL32(?), ref: 009A3603
                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 009A3616
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 009A365E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 009A3679
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 415426439-0
                                                                                                                                              • Opcode ID: 05942d18241a67f2866d612c7272348ae445fdaad66960f5cc8b78f3711c31e2
                                                                                                                                              • Instruction ID: 46131206798311c67b51aa247079fbc17fe4f88a0dd2e578e8e6868e170b812c
                                                                                                                                              • Opcode Fuzzy Hash: 05942d18241a67f2866d612c7272348ae445fdaad66960f5cc8b78f3711c31e2
                                                                                                                                              • Instruction Fuzzy Hash: 8F514F71E00206AFDB10DFA9DC45BBA77B8EF4A700F148469B915EB191EB70DA44CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00999E32: GetLastError.KERNEL32(00000000,?,0099F819), ref: 00999E36
                                                                                                                                                • Part of subcall function 00999E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00999ED8
                                                                                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,009972F0,?,?,?,?,?,-00000050,?,?,?), ref: 009A2C07
                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,009972F0,?,?,?,?,?,-00000050,?,?), ref: 009A2C3E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 009A2DA1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                              • String ID: utf8
                                                                                                                                              • API String ID: 607553120-905460609
                                                                                                                                              • Opcode ID: 7102289a83dc41624b67b6dd821761cf539dec600520880eb3b5466469f6b5b7
                                                                                                                                              • Instruction ID: 7636616035ffa846e2d79823757621326088d1bc1fc548aa69116660d10f6999
                                                                                                                                              • Opcode Fuzzy Hash: 7102289a83dc41624b67b6dd821761cf539dec600520880eb3b5466469f6b5b7
                                                                                                                                              • Instruction Fuzzy Hash: 8F71E675600306AADB24AF7CCC46BBA73ACEF46710F14496AF945DB1C2EB74E94187E0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d832fe2a0f42001a57c9b2c34ab75cd1b9a187cae735d2738bff895b2773b599
                                                                                                                                              • Instruction ID: 1fef4ad94d06fa0401d1450b479c981d5eb3380a4d3a0c3779392ed6a9507fc6
                                                                                                                                              • Opcode Fuzzy Hash: d832fe2a0f42001a57c9b2c34ab75cd1b9a187cae735d2738bff895b2773b599
                                                                                                                                              • Instruction Fuzzy Hash: 6C022CB1E012199BDF14DFA9D8806AEFBF5FF48314F248269E919E7381D731A941CB90
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlDecodePointer.NTDLL(?), ref: 009A79EC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DecodePointer
                                                                                                                                              • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                              • API String ID: 3527080286-3064271455
                                                                                                                                              • Opcode ID: b94d92d4c896a4e4556b8ace7e140cac47d94f04e344e1c231aff12f86413431
                                                                                                                                              • Instruction ID: 4471d6d2dea7e4cb852bd723ee08abc4c214f1c785bd92a2cedba18b6bc26b4d
                                                                                                                                              • Opcode Fuzzy Hash: b94d92d4c896a4e4556b8ace7e140cac47d94f04e344e1c231aff12f86413431
                                                                                                                                              • Instruction Fuzzy Hash: F5518CB090860ADBDF108FE8EC491ADFFB8FB47310F554585D481AB2A4C7788A25CBE5
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              • Associated: 00000006.00000002.3566708888.0000000000950000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3566754558.0000000000AD2000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3566754558.0000000000AE2000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567247273.0000000000AEC000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567247273.0000000000AF1000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567247273.0000000000AF4000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567389500.0000000000AF7000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567389500.0000000000C27000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567389500.0000000000C41000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567389500.0000000000C88000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567389500.0000000000CD0000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567389500.0000000000FE1000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              • Associated: 00000006.00000002.3567389500.0000000001282000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _strrchr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                              • Opcode ID: 88e4da6258101c5fc24b34185784eb547dfa0330ad300027970d950eece25734
                                                                                                                                              • Instruction ID: aae61f5169a5cfa6498d5ca0ed361b3028dc3b30afa7475634b63310d1c618e3
                                                                                                                                              • Opcode Fuzzy Hash: 88e4da6258101c5fc24b34185784eb547dfa0330ad300027970d950eece25734
                                                                                                                                              • Instruction Fuzzy Hash: 33B14672E00355AFEF218F6CDD81BEE7BA9EF55310F144155E944AF282E7789901C7A0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 009872F7
                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 009872FF
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00987388
                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 009873B3
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00987408
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                              • String ID: csm
                                                                                                                                              • API String ID: 1170836740-1018135373
                                                                                                                                              • Opcode ID: 39cabb8ec6165f5d07af30a71d1aa6268b6f6d84af06596429af6e0903cc7cfc
                                                                                                                                              • Instruction ID: cc53102c2690cefdcc35962878267be9f61d80053e88fb81900062deb119c5ef
                                                                                                                                              • Opcode Fuzzy Hash: 39cabb8ec6165f5d07af30a71d1aa6268b6f6d84af06596429af6e0903cc7cfc
                                                                                                                                              • Instruction Fuzzy Hash: 3F418534A042099BCF10EFA8D885B9EFBA9BF45314F248156EC199B392D731DD11DBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,0099B47F,?,?,00000000,00000001,?,?,0099B6A9,00000022,FlsSetValue,00AAEB88,00AAEB90,00000001), ref: 0099B431
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                              • API String ID: 3664257935-537541572
                                                                                                                                              • Opcode ID: 652d27e1a360d47d6f8fb8cd5f007da12f02ddc7f24210717e5dac826ddef111
                                                                                                                                              • Instruction ID: ead04eca14a1b0525a8e603895f2c23ac8389168c35df8748ce41b4687d0fafd
                                                                                                                                              • Opcode Fuzzy Hash: 652d27e1a360d47d6f8fb8cd5f007da12f02ddc7f24210717e5dac826ddef111
                                                                                                                                              • Instruction Fuzzy Hash: 5A21EB31E42211BBDF21DBB9FD41A6A375CDB52760F240525F906A72E1DB38ED01D6D0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 149.18.24.96$4oST$4oST$4oST
                                                                                                                                              • API String ID: 0-608211275
                                                                                                                                              • Opcode ID: 72457afa7c26ec47b159f54faeb8a7652c0817b4b7ff1c5aea5de678aa5beb6f
                                                                                                                                              • Instruction ID: 720757b163c08077dd704b51b34a15c862c2e17d16020640ceccb53f00cccb5d
                                                                                                                                              • Opcode Fuzzy Hash: 72457afa7c26ec47b159f54faeb8a7652c0817b4b7ff1c5aea5de678aa5beb6f
                                                                                                                                              • Instruction Fuzzy Hash: A1021170D05288DFDF14DFA8C9457DDBBB0AF94304F148199E8096B382DBB55E88DBA2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0096A09D
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0096A0BF
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0096A0E7
                                                                                                                                              • __Getctype.LIBCPMT ref: 0096A1C5
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 0096A1F9
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0096A223
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1102183713-0
                                                                                                                                              • Opcode ID: 58b932eb3aa53ed794171f0908dec8ba0235dcd6831248e1469d4e47561bfae8
                                                                                                                                              • Instruction ID: ec255b31a088cc944efae0a481e5b06c2e73cf1f96eaec5084bf75fc8e00499b
                                                                                                                                              • Opcode Fuzzy Hash: 58b932eb3aa53ed794171f0908dec8ba0235dcd6831248e1469d4e47561bfae8
                                                                                                                                              • Instruction Fuzzy Hash: 975198B0D01249CBDB10DFA8C9417AEBBF4BB11314F24825ED855AB391E774AE45CBD2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,9B16A19C,?,?,00000000,00A9E6D5,000000FF,?,009935FF,?,?,009935D3,00000016), ref: 00993658
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0099366A
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00A9E6D5,000000FF,?,009935FF,?,?,009935D3,00000016), ref: 0099368C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                              • Opcode ID: f7b56d9a9460e68ccc0bffb274496146eca86cc33292b2bf57917b14722f25c4
                                                                                                                                              • Instruction ID: 63777f7053c6ca99032cb910224cf27d002c96f9e13c0bb929aa5eee50ef590a
                                                                                                                                              • Opcode Fuzzy Hash: f7b56d9a9460e68ccc0bffb274496146eca86cc33292b2bf57917b14722f25c4
                                                                                                                                              • Instruction Fuzzy Hash: DF01A731A4461AFFDB11CF94DC09BAEBBF8FB05715F004629E812A26D0DB749A00CA50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0096C45A
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0096C47C
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0096C4A4
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 0096C59A
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0096C5C4
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 459529453-0
                                                                                                                                              • Opcode ID: b25ad073b055f57aaaa502f3b00227c72593fc4800d1f7a37a1bf6c903425fc6
                                                                                                                                              • Instruction ID: 4926196d4c249a3745c37a37b1f7a460dbd542791d8c3e55b7589adc1e747d8a
                                                                                                                                              • Opcode Fuzzy Hash: b25ad073b055f57aaaa502f3b00227c72593fc4800d1f7a37a1bf6c903425fc6
                                                                                                                                              • Instruction Fuzzy Hash: 2A51BCB0901248DFDB10DF98C854BAEBBF4FF40314F24815AE886AB391D775AA05CBD1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00982BCC
                                                                                                                                              • RtlAcquireSRWLockExclusive.NTDLL(00000008), ref: 00982BEB
                                                                                                                                              • RtlAcquireSRWLockExclusive.NTDLL(00000008), ref: 00982C19
                                                                                                                                              • RtlTryAcquireSRWLockExclusive.NTDLL(00000008), ref: 00982C74
                                                                                                                                              • RtlTryAcquireSRWLockExclusive.NTDLL(00000008), ref: 00982C8B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 66001078-0
                                                                                                                                              • Opcode ID: bd199f38f842b73857ae5e15347ca24e7b2a49526543f7e75c702356af0838f1
                                                                                                                                              • Instruction ID: 84d6204fb8892a98196829803a24e4a49a650728f36b8bf26ccc01d15dba5bf0
                                                                                                                                              • Opcode Fuzzy Hash: bd199f38f842b73857ae5e15347ca24e7b2a49526543f7e75c702356af0838f1
                                                                                                                                              • Instruction Fuzzy Hash: 2141383190070ADBCB20EF65C485ABEB3F8FF19350B6089AAE486D7750D734E985CB61
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0095499F
                                                                                                                                                • Part of subcall function 009851EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00981CF9,?,00AC69D8,74D723A0,?,74D723A0,-00AD6880), ref: 0098524B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 1903096808-1866435925
                                                                                                                                              • Opcode ID: 924b43bfe3c24dc6badbbbf0b5cf839305607749a22d59de463ef359cc4f8616
                                                                                                                                              • Instruction ID: d6f4ad2900c837b70bc534a04d8cdb0ec65de3be94fdb49f043da71aabf76fe1
                                                                                                                                              • Opcode Fuzzy Hash: 924b43bfe3c24dc6badbbbf0b5cf839305607749a22d59de463ef359cc4f8616
                                                                                                                                              • Instruction Fuzzy Hash: B61129B29086447BCB14EF59CC03BA7739CE745B15F044A2DFD58872C2EB35A948CB92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetConsoleOutputCP.KERNEL32(9B16A19C,00000000,00000000,?), ref: 00998EF2
                                                                                                                                                • Part of subcall function 0099EC43: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0099A854,?,00000000,-00000008), ref: 0099ECA4
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00999144
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0099918A
                                                                                                                                              • GetLastError.KERNEL32 ref: 0099922D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                              • Opcode ID: 00cf357843401ef2f2d57df5cca85d8a3c27f5332b7a708be97d0aaaee37d836
                                                                                                                                              • Instruction ID: b2f356ddd96f2ef04fc17cce9528b4e226d7b511bd7c5b502e6dc0f210a6193c
                                                                                                                                              • Opcode Fuzzy Hash: 00cf357843401ef2f2d57df5cca85d8a3c27f5332b7a708be97d0aaaee37d836
                                                                                                                                              • Instruction Fuzzy Hash: 66D159B5D04249AFCF15CFECC884AADBBB9FF49310F14452EE46AEB251D630A942CB50
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00982720
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0098272B
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00982799
                                                                                                                                                • Part of subcall function 0098287C: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00982894
                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00982746
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 677527491-0
                                                                                                                                              • Opcode ID: f2291d3ecb07eb248fbf9aadf8a522ceeb54a17f64b8dd65543bbc47c74f85c3
                                                                                                                                              • Instruction ID: 73b688d71240df85976a9faa15028e6a04ea003940896eb7d7700e47d26265ac
                                                                                                                                              • Opcode Fuzzy Hash: f2291d3ecb07eb248fbf9aadf8a522ceeb54a17f64b8dd65543bbc47c74f85c3
                                                                                                                                              • Instruction Fuzzy Hash: 4501B835A006209BDB06FBB0C85167D7BA1BFC4B80B08400AE8021B3D2CF78AA02CBD1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,009A3DBC,?,00000001,?,?,?,00999281,?,00000000,00000000), ref: 009A6D39
                                                                                                                                              • GetLastError.KERNEL32(?,009A3DBC,?,00000001,?,?,?,00999281,?,00000000,00000000,?,?,?,0099985B,?), ref: 009A6D45
                                                                                                                                                • Part of subcall function 009A6D0B: CloseHandle.KERNEL32(FFFFFFFE,009A6D55,?,009A3DBC,?,00000001,?,?,?,00999281,?,00000000,00000000,?,?), ref: 009A6D1B
                                                                                                                                              • ___initconout.LIBCMT ref: 009A6D55
                                                                                                                                                • Part of subcall function 009A6CCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,009A6CFC,009A3DA9,?,?,00999281,?,00000000,00000000,?), ref: 009A6CE0
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,?,00000000,?,009A3DBC,?,00000001,?,?,?,00999281,?,00000000,00000000,?), ref: 009A6D6A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                              • Opcode ID: 54bdf9336821a1ee3be4b4bd55afd733415c27f690ef8ff917c4066758cba124
                                                                                                                                              • Instruction ID: 9cd76d18850a98244533a8b622d50ee9c977900d523a9db5623e2fe4ede211b3
                                                                                                                                              • Opcode Fuzzy Hash: 54bdf9336821a1ee3be4b4bd55afd733415c27f690ef8ff917c4066758cba124
                                                                                                                                              • Instruction Fuzzy Hash: CDF01C36200115BBCF225FD1DC04A9A3F6AEB5A3A0F058011FA4D85160C7328C21DBD1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 0095750C
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 00957522
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: [json.exception.
                                                                                                                                              • API String ID: 4194217158-791563284
                                                                                                                                              • Opcode ID: be0896ae3997880121d14dc42522d5cc334325d9dba94a4873b5eebf290082af
                                                                                                                                              • Instruction ID: 40cba5a73ce9c3beae9baa5987eeb87b3ea6873a8eb0889b0dd4515a65411744
                                                                                                                                              • Opcode Fuzzy Hash: be0896ae3997880121d14dc42522d5cc334325d9dba94a4873b5eebf290082af
                                                                                                                                              • Instruction Fuzzy Hash: 5251D2B1D04248AFDB00DFA8C90579EFBB4EF51314F144269E850A73C2E7B59A48CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0095499F
                                                                                                                                                • Part of subcall function 009851EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00981CF9,?,00AC69D8,74D723A0,?,74D723A0,-00AD6880), ref: 0098524B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 1903096808-1240500531
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 00954061
                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 009540C4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                              • String ID: bad locale name
                                                                                                                                              • API String ID: 3988782225-1405518554
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00984540
                                                                                                                                              • ___raise_securityfailure.LIBCMT ref: 00984628
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000006.00000002.3566754558.0000000000951000.00000040.00000001.01000000.00000004.sdmp, Offset: 00950000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_6_2_950000_MPGPH131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                              • String ID: c^do
                                                                                                                                              • API String ID: 3761405300-4013511018
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              APIs
                                                                                                                                              • setsockopt.WS2_32(000003D0,0000FFFF,00001006,?,00000008), ref: 006B4F56
                                                                                                                                              • recv.WS2_32(?,00000004,00000002), ref: 006B4F71
                                                                                                                                              • WSAGetLastError.WS2_32 ref: 006B4F75
                                                                                                                                              • recv.WS2_32(00000000,0000000C,00000002,00000000), ref: 006B4FF3
                                                                                                                                              • recv.WS2_32(00000000,0000000C,00000008), ref: 006B5014
                                                                                                                                              • setsockopt.WS2_32(0000FFFF,00001006,?,00000008,?), ref: 006B50B0
                                                                                                                                              • recv.WS2_32(00000000,?,00000008), ref: 006B50CB
                                                                                                                                                • Part of subcall function 006B5940: WSAStartup.WS2_32 ref: 006B596A
                                                                                                                                                • Part of subcall function 006B5940: getaddrinfo.WS2_32(?,?,?,00776328), ref: 006B59EC
                                                                                                                                                • Part of subcall function 006B5940: socket.WS2_32(?,?,?), ref: 006B5A0D
                                                                                                                                                • Part of subcall function 006B5940: connect.WS2_32(00000000,00746B31,?), ref: 006B5A21
                                                                                                                                                • Part of subcall function 006B5940: closesocket.WS2_32(00000000), ref: 006B5A2D
                                                                                                                                                • Part of subcall function 006B5940: FreeAddrInfoW.WS2_32(?), ref: 006B5A3A
                                                                                                                                                • Part of subcall function 006B5940: WSACleanup.WS2_32 ref: 006B5A40
                                                                                                                                              • recv.WS2_32(?,00000004,00000008), ref: 006B51D3
                                                                                                                                              • __Xtime_get_ticks.LIBCPMT ref: 006B51DA
                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 006B51E8
                                                                                                                                              • Sleep.KERNEL32(00000001,00000000,?,00002710,00000000), ref: 006B5261
                                                                                                                                              • Sleep.KERNEL32(00000064,?,00002710,00000000), ref: 006B5269
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: recv$Sleepsetsockopt$AddrCleanupErrorFreeInfoLastStartupUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@closesocketconnectgetaddrinfosocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3089209366-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              • Executed
                                                                                                                                              • Not Executed
                                                                                                                                              control_flow_graph 56 6b5940-6b5972 WSAStartup 57 6b5978-6b59a2 call 6d77d0 * 2 56->57 58 6b5a46-6b5a4f 56->58 63 6b59ae-6b59f4 getaddrinfo 57->63 64 6b59a4-6b59a8 57->64 65 6b5a40 WSACleanup 63->65 66 6b59f6-6b59fc 63->66 64->58 64->63 65->58 67 6b59fe 66->67 68 6b5a54-6b5a5e FreeAddrInfoW 66->68 70 6b5a04-6b5a18 socket 67->70 68->65 69 6b5a60-6b5a68 68->69 70->65 71 6b5a1a-6b5a2a connect 70->71 72 6b5a2c-6b5a34 closesocket 71->72 73 6b5a50 71->73 72->70 74 6b5a36-6b5a3a FreeAddrInfoW 72->74 73->68 74->65
                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddrFreeInfo$CleanupStartupclosesocketconnectgetaddrinfosocket
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 448659506-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,?,0073A4DC,00000000,74D723A0,-00776880), ref: 005F96A6
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 005F96B4
                                                                                                                                              • WSASend.WS2_32(?,?,00000001,00000000,00000000,00000000,00000000,?,?,?,?,0073A4DC,00000000,74D723A0,-00776880), ref: 005F96C9
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressHandleModuleProcSend
                                                                                                                                              • String ID: 4oST$4oST$Ws2_32.dll
                                                                                                                                              • API String ID: 2819740048-1839276265
                                                                                                                                              • Opcode ID: b0195aef56d9ee5f2da1cfab4cdfe2c74a43f74a780004ee04cd8f30cac3f855
                                                                                                                                              • Instruction ID: 02d00c13653443fa7eb65124c3ca8d03bc589c0d77c95a5d6bea5f3220f2562e
                                                                                                                                              • Opcode Fuzzy Hash: b0195aef56d9ee5f2da1cfab4cdfe2c74a43f74a780004ee04cd8f30cac3f855
                                                                                                                                              • Instruction Fuzzy Hash: 9602DB70D04698DECF25CFA4C8907ADBFB1FF55310F24428DE4856B686D7781986CB92
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID: 149.18.24.96$4oST$4oST$4oST
                                                                                                                                              • API String ID: 0-608211275
                                                                                                                                              • Opcode ID: e631bf3b5fc127b8318b75413b41e2474e2e9ea847155107398e93dfbae36de9
                                                                                                                                              • Instruction ID: c3228f10b00d8e5fce81252eee809dcf4ed5544818224dc8060b6b3886f75cee
                                                                                                                                              • Opcode Fuzzy Hash: e631bf3b5fc127b8318b75413b41e2474e2e9ea847155107398e93dfbae36de9
                                                                                                                                              • Instruction Fuzzy Hash: 9B02F0B0D04258DEDF14DFA8C9457DDBBB2AF44304F1480ADD8096B386D7B95E88CBA6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00638E8F: GetConsoleOutputCP.KERNEL32(9B58D97E,00000000,00000000,?), ref: 00638EF2
                                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,?), ref: 006398FE
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?), ref: 00639908
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleErrorFileLastOutputWrite
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2915228174-0
                                                                                                                                              • Opcode ID: 9e9f77358247fc13f7937161943fa171cc4975b65d38cfa6d8be3e71394765dc
                                                                                                                                              • Instruction ID: ef5d420c567a57298bcc45389b467e9dd6415f30536361ae72b770fc9e5512d6
                                                                                                                                              • Opcode Fuzzy Hash: 9e9f77358247fc13f7937161943fa171cc4975b65d38cfa6d8be3e71394765dc
                                                                                                                                              • Instruction Fuzzy Hash: E761B3B1C04119AFDF11DFA8C844AEEBBBAAF4A304F180549E904A7256D7B1D941CFF4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00638CD6,00000000,?,00767178,0000000C,00638D92,?,?,?), ref: 00638E45
                                                                                                                                              • GetLastError.KERNEL32(?,00638CD6,00000000,?,00767178,0000000C,00638D92,?,?,?), ref: 00638E4F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                              • Opcode ID: 09dc1ae3932ed1ee0bb07f4f2d2c993b255cb319a1b157eb550c50c1d4cdebed
                                                                                                                                              • Instruction ID: 9ccadb0783bd5a56c5576cb18f49f6ef74248660be358febd18cfc03adb24d00
                                                                                                                                              • Opcode Fuzzy Hash: 09dc1ae3932ed1ee0bb07f4f2d2c993b255cb319a1b157eb550c50c1d4cdebed
                                                                                                                                              • Instruction Fuzzy Hash: E1116B33A003145ED6662374AC4ABFE274B8B86734F29060DF8189B2D2EF759C8182E4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 348 63250c-632524 call 63e92e 351 632526-63252d 348->351 352 63253a-632550 SetFilePointerEx 348->352 353 632534-632538 351->353 354 632552-632563 GetLastError call 6316b8 352->354 355 632565-63256f 352->355 356 63258b-63258e 353->356 354->353 355->353 358 632571-632586 355->358 358->356
                                                                                                                                              APIs
                                                                                                                                              • SetFilePointerEx.KERNEL32(00000000,?,?,?,?,?,00000000,?,?,?,00632616,?,?,?,?,?), ref: 00632548
                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,00632616,?,?,?,?,?,00000000,?,00000000), ref: 00632555
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                              • Opcode ID: 327032d78e49bf0246a5d5842ffa7b38e7faef37f488920657f0ff35ae68dc94
                                                                                                                                              • Instruction ID: 843100049cbb0f0f1623500857b1e1cc42b5f97f5dbf8610b94d17da2c587451
                                                                                                                                              • Opcode Fuzzy Hash: 327032d78e49bf0246a5d5842ffa7b38e7faef37f488920657f0ff35ae68dc94
                                                                                                                                              • Instruction Fuzzy Hash: 0F01D637610516AFCF058F59DC65D9E3B2AEB85330F244209F8119B2D0E671EE428BD0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 360 63b00c-63b015 361 63b017-63b02a RtlFreeHeap 360->361 362 63b044-63b045 360->362 361->362 363 63b02c-63b043 GetLastError call 631652 call 6316ef 361->363 363->362
                                                                                                                                              APIs
                                                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000000,?,00641B36,?,00000000,?,?,00641DD7,?,00000007,?,?,006422CB,?,?), ref: 0063B022
                                                                                                                                              • GetLastError.KERNEL32(?,?,00641B36,?,00000000,?,?,00641DD7,?,00000007,?,?,006422CB,?,?), ref: 0063B02D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                              • Opcode ID: b434a4a541700d131c94d9e78c6b772acf3cd0a08565b19bf6bc0421c224272b
                                                                                                                                              • Instruction ID: 610ab6a2d3be2efa5b7edd102694a6adda81db4860e444fa645b4ac982150ec5
                                                                                                                                              • Opcode Fuzzy Hash: b434a4a541700d131c94d9e78c6b772acf3cd0a08565b19bf6bc0421c224272b
                                                                                                                                              • Instruction Fuzzy Hash: 75E08C32140214ABCB212BE4EC09B8A3A5ABB82395F048025F70C9A160DB388890CBD8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 426 5f32d0-5f32e0 427 5f3306-5f3308 426->427 428 5f32e2-5f32e7 426->428 431 5f330a-5f3317 call 623662 427->431 432 5f3318-5f331e 427->432 429 5f331f call 5f2b50 428->429 430 5f32e9-5f32ea call 623662 428->430 438 5f3324-5f3329 call 628c60 429->438 436 5f32ef-5f32f6 430->436 436->438 439 5f32f8-5f3305 436->439
                                                                                                                                              APIs
                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 005F331F
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 118556049-0
                                                                                                                                              • Opcode ID: 88e0f75f83d5f9e69285ef2088a1dfdc1055322beeb667a90db4e8c6ac7f301f
                                                                                                                                              • Instruction ID: d65c558732a03453f5c21c962b91fd8df800beeca38389a7cef12be1100cff8a
                                                                                                                                              • Opcode Fuzzy Hash: 88e0f75f83d5f9e69285ef2088a1dfdc1055322beeb667a90db4e8c6ac7f301f
                                                                                                                                              • Instruction Fuzzy Hash: A1F024725001299BDB14AF64E8058F9B7E8FF143A1710097EEA8CC7252EB2EDA40CB80
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 442 63a64c-63a657 443 63a665-63a66b 442->443 444 63a659-63a663 442->444 446 63a684-63a695 RtlAllocateHeap 443->446 447 63a66d-63a66e 443->447 444->443 445 63a699-63a6a4 call 6316ef 444->445 451 63a6a6-63a6a8 445->451 448 63a670-63a677 call 638270 446->448 449 63a697 446->449 447->446 448->445 455 63a679-63a682 call 635a79 448->455 449->451 455->445 455->446
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,00000001), ref: 0063A68D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              • Opcode ID: d9f29a7bc78721c49698227865d28e05fb351de08d037f6581aaa971d94ee95a
                                                                                                                                              • Instruction ID: c0725afce0928a252de197ae7976124302aacac02504c1197261cdd9b207d395
                                                                                                                                              • Opcode Fuzzy Hash: d9f29a7bc78721c49698227865d28e05fb351de08d037f6581aaa971d94ee95a
                                                                                                                                              • Instruction Fuzzy Hash: 34F0E0321006216B9B215BD19D07B96374FAF43770F1D8115F8489B260DA34DC01A6E6
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 458 63b086-63b092 459 63b0c4-63b0cf call 6316ef 458->459 460 63b094-63b096 458->460 468 63b0d1-63b0d3 459->468 461 63b098-63b099 460->461 462 63b0af-63b0c0 RtlAllocateHeap 460->462 461->462 464 63b0c2 462->464 465 63b09b-63b0a2 call 638270 462->465 464->468 465->459 470 63b0a4-63b0ad call 635a79 465->470 470->459 470->462
                                                                                                                                              APIs
                                                                                                                                              • RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 0063B0B8
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Control-flow Graph

                                                                                                                                              control_flow_graph 508 8eeb8c-8eeb97 509 8eeb99-8eeb9e 508->509 510 8eeba0-8eeba3 508->510 511 8eebaa-8eebbe VirtualAlloc 509->511 510->511 512 8eeba5 510->512 512->511
                                                                                                                                              APIs
                                                                                                                                              • VirtualAlloc.KERNEL32(?,?,?,?), ref: 008EEBB7
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3567207263.00000000008E1000.00000040.00000001.01000000.00000005.sdmp, Offset: 00797000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000001.1831992730.0000000000797000.00000040.00000001.01000000.00000005.sdmp, Offset: 00797000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_1_797000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • VirtualAllocEx.KERNEL32(00000000,00000000,?,00003000,00000040), ref: 006BC6A1
                                                                                                                                              • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000), ref: 006BC6BD
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 006BC6F2
                                                                                                                                              • VirtualAllocEx.KERNEL32(?,00000000,00001000,00003000,00000040), ref: 006BC71B
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000000,?,00000218,00000000), ref: 006BC8BF
                                                                                                                                              • WriteProcessMemory.KERNEL32(?,00000218,006BC990,-00000010,00000000), ref: 006BC8E1
                                                                                                                                              • CreateRemoteThread.KERNEL32(?,00000000,00000000,00000218,00000000,00000000,00000000), ref: 006BC8F4
                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 006BC8FD
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: MemoryProcessWrite$AllocVirtual$CreateObjectRemoteSingleThreadWait
                                                                                                                                              • String ID: %s|%s$131$4oST
                                                                                                                                              • API String ID: 2137838514-1634972829
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002,00000000,?,?,?,006435F3,?,?), ref: 0064337A
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,?,00000002,00000000,?,?,?,006435F3,?,?), ref: 006433A3
                                                                                                                                              • GetACP.KERNEL32(?,?,006435F3,?,?), ref: 006433B8
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: InfoLocale
                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00639E32: GetLastError.KERNEL32(00000000,?,0063F819), ref: 00639E36
                                                                                                                                                • Part of subcall function 00639E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00639ED8
                                                                                                                                              • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 006435C5
                                                                                                                                              • IsValidCodePage.KERNEL32(?), ref: 00643603
                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 00643616
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,?,00000040,?,?,00000055,00000000,?,?,00000055,00000000), ref: 0064365E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,?,00000040), ref: 00643679
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 415426439-0
                                                                                                                                              • Opcode ID: a2c6944002557f38b90f138e9e28c1aea80b9c98f4cddf8e90c6780954d2cad0
                                                                                                                                              • Instruction ID: f5a0332230e6005e5477646add9fea056501bdbe609ab18d0c419e80210c12c7
                                                                                                                                              • Opcode Fuzzy Hash: a2c6944002557f38b90f138e9e28c1aea80b9c98f4cddf8e90c6780954d2cad0
                                                                                                                                              • Instruction Fuzzy Hash: 945171B1A00226ABDB14EFA5DC45AFE77BABF44700F154429F910EB350DBB0DA40CB65
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                                • Part of subcall function 00639E32: GetLastError.KERNEL32(00000000,?,0063F819), ref: 00639E36
                                                                                                                                                • Part of subcall function 00639E32: SetLastError.KERNEL32(00000000,00000000,00000001,00000007,000000FF), ref: 00639ED8
                                                                                                                                              • GetACP.KERNEL32(?,?,?,?,?,?,006372F0,?,?,?,?,?,-00000050,?,?,?), ref: 00642C07
                                                                                                                                              • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,006372F0,?,?,?,?,?,-00000050,?,?), ref: 00642C3E
                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 00642DA1
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                              • String ID: utf8
                                                                                                                                              • API String ID: 607553120-905460609
                                                                                                                                              • Opcode ID: f62c81efd366ba081f764766af2354fbe247666c7bcc4d727514f71938a96ec0
                                                                                                                                              • Instruction ID: 90ba0f4d86d079ba9b0e5cd4569f200c1d98d340043343978f0a44d2a061db2a
                                                                                                                                              • Opcode Fuzzy Hash: f62c81efd366ba081f764766af2354fbe247666c7bcc4d727514f71938a96ec0
                                                                                                                                              • Instruction Fuzzy Hash: 1E712C75A00607AAD724AF74CC92BFA73AAFF05300F70442DF905D7281EB70E9418768
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID:
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID:
                                                                                                                                              • Opcode ID: d832fe2a0f42001a57c9b2c34ab75cd1b9a187cae735d2738bff895b2773b599
                                                                                                                                              • Instruction ID: 955f8b3ade5e0abd37530f1ca5cbe2ca4874cc54e6e1aa913ca112284f8b69fb
                                                                                                                                              • Opcode Fuzzy Hash: d832fe2a0f42001a57c9b2c34ab75cd1b9a187cae735d2738bff895b2773b599
                                                                                                                                              • Instruction Fuzzy Hash: 34022B71E016299FDB14CFA8D8806EEBBB2FF48324F248269D919A7341D731A941CF94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • RtlDecodePointer.NTDLL(?), ref: 006479EC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: DecodePointer
                                                                                                                                              • String ID: `-_$acos$asin$exp$log$log10$pow$sqrt
                                                                                                                                              • API String ID: 3527080286-4246198880
                                                                                                                                              • Opcode ID: 9524a0d4d7c36b8516641b85498e6ec24813b5596a20d7a5420c4852a9bef7bc
                                                                                                                                              • Instruction ID: b58b8335964700cff4e41bd1d3674044a69139be451e306cdb98951a0428e62d
                                                                                                                                              • Opcode Fuzzy Hash: 9524a0d4d7c36b8516641b85498e6ec24813b5596a20d7a5420c4852a9bef7bc
                                                                                                                                              • Instruction Fuzzy Hash: 0051B07090860ACBDF149FA8E84C1ED7FB6FF05310F554195D481AB368CB788A66CF95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0060A09D
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0060A0BF
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0060A0E7
                                                                                                                                              • __Getctype.LIBCPMT ref: 0060A1C5
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 0060A1F9
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0060A223
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                                                                                                              • String ID: PD_$PG_$E_
                                                                                                                                              • API String ID: 1102183713-3557341036
                                                                                                                                              • Opcode ID: b3f49d1796451a62b417e0648bd2fb236d971b7239dcf4c5e1b4598b8e7a5068
                                                                                                                                              • Instruction ID: d948cb635250071164ae03fbf08cce1a0ec4b815762c7a7d944924586c7da2f9
                                                                                                                                              • Opcode Fuzzy Hash: b3f49d1796451a62b417e0648bd2fb236d971b7239dcf4c5e1b4598b8e7a5068
                                                                                                                                              • Instruction Fuzzy Hash: 9F51BAB0D40719DBDB14CF98C8417AEBBF0BB10354F18829CD855AB391D7B8AA84CBD2
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 006272F7
                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 006272FF
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00627388
                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 006273B3
                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00627408
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                              • String ID: `-_$csm$Wb
                                                                                                                                              • API String ID: 1170836740-4243561109
                                                                                                                                              • Opcode ID: 59b0e270605c954c640921091319d77304b3ca8c2a58410191738ed97767cb19
                                                                                                                                              • Instruction ID: 39436355c2dac9ec4772b9c4f1258ebb9f7284da239cd0c4f1b4de49278fbf7f
                                                                                                                                              • Opcode Fuzzy Hash: 59b0e270605c954c640921091319d77304b3ca8c2a58410191738ed97767cb19
                                                                                                                                              • Instruction Fuzzy Hash: 1741A334A046299FCF10DF68E884E9E7BE6EF45314F148159EC189B352DB35EA01CF95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0060C45A
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0060C47C
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0060C4A4
                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 0060C59A
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 0060C5C4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                              • String ID: E_$PD_
                                                                                                                                              • API String ID: 459529453-2603283866
                                                                                                                                              • Opcode ID: ae69555cac17e404d9e2f098809ea1436ed36a4c7844f15a78083445c2697925
                                                                                                                                              • Instruction ID: c612e34b2807c43969cfbc1c0567e18b982076aaec313abe68d2d315fa4d7884
                                                                                                                                              • Opcode Fuzzy Hash: ae69555cac17e404d9e2f098809ea1436ed36a4c7844f15a78083445c2697925
                                                                                                                                              • Instruction Fuzzy Hash: B951FEB0940659DFDB15DF58C854BAEBBF1FB00324F24825CE809AB381D778AA45CB81
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: _strrchr
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                              • Opcode ID: 88e4da6258101c5fc24b34185784eb547dfa0330ad300027970d950eece25734
                                                                                                                                              • Instruction ID: 1c09705f642ef4de748a963bf1819a291b1615b43ff3f881a14ffe6baf9483af
                                                                                                                                              • Opcode Fuzzy Hash: 88e4da6258101c5fc24b34185784eb547dfa0330ad300027970d950eece25734
                                                                                                                                              • Instruction Fuzzy Hash: 12B13772A003559FDB218F28CC82BEEBBA6EF55350F186159EA04AF382D774D901C7E4
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,0063B47F,?,?,00000000,00000001,?,?,0063B6A9,00000022,FlsSetValue,0074EB88,0074EB90,00000001), ref: 0063B431
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                              • API String ID: 3664257935-537541572
                                                                                                                                              • Opcode ID: 13c5c12fa7a882a8863b3b044344947850d9ad4b522b685e1f92bbc44f5c3e8b
                                                                                                                                              • Instruction ID: 86d868d173ab65db206ef86101675a9efab858a4f433e809705479ddd76990aa
                                                                                                                                              • Opcode Fuzzy Hash: 13c5c12fa7a882a8863b3b044344947850d9ad4b522b685e1f92bbc44f5c3e8b
                                                                                                                                              • Instruction Fuzzy Hash: DE218035E41220F7D7219B30DC41A9A779AEF423B0F245121FA05A7393DB74ED11CAD8
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,9B58D97E,?,?,00000000,0073E6D5,000000FF,?,006335FF,?,?,006335D3,00000016), ref: 00633658
                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0063366A
                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,0073E6D5,000000FF,?,006335FF,?,?,006335D3,00000016), ref: 0063368C
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                              • String ID: CorExitProcess$`-_$mscoree.dll
                                                                                                                                              • API String ID: 4061214504-1292320349
                                                                                                                                              • Opcode ID: 00c6e0df236986d9e0b9495c16d584462d32c88e1c482fdfba56b74d65de64dc
                                                                                                                                              • Instruction ID: 8bd620a9e53813fe8812b2b7e612ae7cbd6761f33ec224739befdbc317bef763
                                                                                                                                              • Opcode Fuzzy Hash: 00c6e0df236986d9e0b9495c16d584462d32c88e1c482fdfba56b74d65de64dc
                                                                                                                                              • Instruction Fuzzy Hash: A6012B35544629FFDB118F40DC09BAEB7B8FB45B10F008126F812A23D0DB789E00CA84
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00622720
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 0062272B
                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 00622799
                                                                                                                                                • Part of subcall function 0062287C: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00622894
                                                                                                                                              • std::locale::_Setgloballocale.LIBCPMT ref: 00622746
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                              • String ID: `-_
                                                                                                                                              • API String ID: 677527491-1818756280
                                                                                                                                              • Opcode ID: e0c24bb811a41d77363e8a870316ac2a688263e33d809f4a8a1e01bdfd4b8561
                                                                                                                                              • Instruction ID: b2ba5114862de1f49312088012590a2b824ab5d557e8c8a8943eca4bc355a856
                                                                                                                                              • Opcode Fuzzy Hash: e0c24bb811a41d77363e8a870316ac2a688263e33d809f4a8a1e01bdfd4b8561
                                                                                                                                              • Instruction Fuzzy Hash: 8901B175A00A32ABD705AB20E8555BD77B2FF85780B04800DE81117391DFB8AA46CF89
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 00622BCC
                                                                                                                                              • RtlAcquireSRWLockExclusive.NTDLL(00000008), ref: 00622BEB
                                                                                                                                              • RtlAcquireSRWLockExclusive.NTDLL(00000008), ref: 00622C19
                                                                                                                                              • RtlTryAcquireSRWLockExclusive.NTDLL(00000008), ref: 00622C74
                                                                                                                                              • RtlTryAcquireSRWLockExclusive.NTDLL(00000008), ref: 00622C8B
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: AcquireExclusiveLock$CurrentThread
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 66001078-0
                                                                                                                                              • Opcode ID: 4a95683247c903c4c310f7c85d15acabdef44605ac508db089c83ef2e821cb0e
                                                                                                                                              • Instruction ID: c954ad0d3e504b8bc16ee11b20d149b398c15b55a094c6b574e0753a958a8270
                                                                                                                                              • Opcode Fuzzy Hash: 4a95683247c903c4c310f7c85d15acabdef44605ac508db089c83ef2e821cb0e
                                                                                                                                              • Instruction Fuzzy Hash: C5415B71A00E2BEBCB60CF64E4A09AEB3F6FF09350B10892AD456D7640D734E985DF65
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 005F750C
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 005F7522
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: )_$[json.exception.
                                                                                                                                              • API String ID: 4194217158-293714475
                                                                                                                                              • Opcode ID: 04324abd58d5a1fd6d5fc05e928b5bab13bc5418c3d7f860b66d00f6e12ade3d
                                                                                                                                              • Instruction ID: 5d06d9b281e9c9d3965cc662458c560a33977164c80ea4228e2ff3de17bbda80
                                                                                                                                              • Opcode Fuzzy Hash: 04324abd58d5a1fd6d5fc05e928b5bab13bc5418c3d7f860b66d00f6e12ade3d
                                                                                                                                              • Instruction Fuzzy Hash: 9251D0B0C047499FDB00DFA8C905BAEBBB4EF55314F14426DE850A72C2E7B95A44CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005F499F
                                                                                                                                                • Part of subcall function 006251EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00621CF9,?,007669D8,74D723A0,?,74D723A0,-00776880), ref: 0062524B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 1903096808-1866435925
                                                                                                                                              • Opcode ID: f7232d729b01da97f20aa986c24b9a2a1de065cf8765f03a364dde68151dd2da
                                                                                                                                              • Instruction ID: f5f07fc768e966a2ed306794683b5ce375959a8460641530d231d6c3d546e8fa
                                                                                                                                              • Opcode Fuzzy Hash: f7232d729b01da97f20aa986c24b9a2a1de065cf8765f03a364dde68151dd2da
                                                                                                                                              • Instruction Fuzzy Hash: 521136B2A44A486BC710DE58DC07BB73788E701710F044629FE5997282EBBCA905CB96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetConsoleOutputCP.KERNEL32(9B58D97E,00000000,00000000,?), ref: 00638EF2
                                                                                                                                                • Part of subcall function 0063EC43: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,0063A854,?,00000000,-00000008), ref: 0063ECA4
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00639144
                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0063918A
                                                                                                                                              • GetLastError.KERNEL32 ref: 0063922D
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                              • Opcode ID: 6682b95adc9de165edb1bcd65dc46d0e12626ff5b37fe474a4c43525586e91fa
                                                                                                                                              • Instruction ID: e714702d66adf2cb056cc4466f9a4bc2218bbdb889e330b23b4fdfb64f3dbd55
                                                                                                                                              • Opcode Fuzzy Hash: 6682b95adc9de165edb1bcd65dc46d0e12626ff5b37fe474a4c43525586e91fa
                                                                                                                                              • Instruction Fuzzy Hash: 72D19DB5D04649AFCB15CFA8C880AEDBBB6FF09310F24452AE419EB351D770A941CFA0
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,00643DBC,?,00000001,?,?,?,00639281,?,00000000,00000000), ref: 00646D39
                                                                                                                                              • GetLastError.KERNEL32(?,00643DBC,?,00000001,?,?,?,00639281,?,00000000,00000000,?,?,?,0063985B,?), ref: 00646D45
                                                                                                                                                • Part of subcall function 00646D0B: CloseHandle.KERNEL32(FFFFFFFE,00646D55,?,00643DBC,?,00000001,?,?,?,00639281,?,00000000,00000000,?,?), ref: 00646D1B
                                                                                                                                              • ___initconout.LIBCMT ref: 00646D55
                                                                                                                                                • Part of subcall function 00646CCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00646CFC,00643DA9,?,?,00639281,?,00000000,00000000,?), ref: 00646CE0
                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,?,00000000,?,00643DBC,?,00000001,?,?,?,00639281,?,00000000,00000000,?), ref: 00646D6A
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                              • String ID:
                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                              • Opcode ID: 1c6b12bbc480cf0ce92b9aa1f5aa2eaa3b45eb163208b86a79634593207e7318
                                                                                                                                              • Instruction ID: e51a5a5134eaea3df02604e369ebfa684775aa155153904dfc4460f0b7f2572c
                                                                                                                                              • Opcode Fuzzy Hash: 1c6b12bbc480cf0ce92b9aa1f5aa2eaa3b45eb163208b86a79634593207e7318
                                                                                                                                              • Instruction Fuzzy Hash: DCF0AC3A540158BBCF222F95DC04E993F67EF4A3A1F058415FA1D95231D7368C60DB96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 005F3819
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 005F38F0
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_copy___std_exception_destroy
                                                                                                                                              • String ID: )_
                                                                                                                                              • API String ID: 2970364248-2023640188
                                                                                                                                              • Opcode ID: 255bab0829a42dbe3714397cf72591009578cf4e298b80d0f076100ebe9cf71b
                                                                                                                                              • Instruction ID: ef7ed2e58f851c876618c224049b1c9f1de66e1041690d2e5d98d9e64981869a
                                                                                                                                              • Opcode Fuzzy Hash: 255bab0829a42dbe3714397cf72591009578cf4e298b80d0f076100ebe9cf71b
                                                                                                                                              • Instruction Fuzzy Hash: 056179B1C01658EFDB14CF98C944B9EFBB5FF08320F148259E854AB282D7B95A44CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 005F499F
                                                                                                                                                • Part of subcall function 006251EB: RaiseException.KERNEL32(E06D7363,00000001,00000003,?,?,74D723A0,?,00621CF9,?,007669D8,74D723A0,?,74D723A0,-00776880), ref: 0062524B
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ExceptionIos_base_dtorRaisestd::ios_base::_
                                                                                                                                              • String ID: ios_base::badbit set$ios_base::failbit set
                                                                                                                                              • API String ID: 1903096808-1240500531
                                                                                                                                              • Opcode ID: d66324c8107f812fbb0236e857d64fd535c4d8a99c7d457d0a20e70ec50d2226
                                                                                                                                              • Instruction ID: 3b02ef5e7eab5f7ae4fe12bbf047aa027b78f8ab70d269c82969cbd37232724a
                                                                                                                                              • Opcode Fuzzy Hash: d66324c8107f812fbb0236e857d64fd535c4d8a99c7d457d0a20e70ec50d2226
                                                                                                                                              • Instruction Fuzzy Hash: 944126B1D00648AFDB04DF58CD45BAEBBB8FB45720F14821DF614A7382D7795A00CB95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F4061
                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 005F40C4
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                              • String ID: bad locale name
                                                                                                                                              • API String ID: 3988782225-1405518554
                                                                                                                                              • Opcode ID: f8a5fdd867d016b0f8ae5e52441ad8e2a4519ffc02f905ba73c17f1548d1adbb
                                                                                                                                              • Instruction ID: 0096350078a82120538e0e7cb0e28dd93944ea3e1974a009f33bf43bf062e8eb
                                                                                                                                              • Opcode Fuzzy Hash: f8a5fdd867d016b0f8ae5e52441ad8e2a4519ffc02f905ba73c17f1548d1adbb
                                                                                                                                              • Instruction Fuzzy Hash: 9111E6B0805BC4EED321CF68C50478BBFF4AF15714F148A8DE49597B82D3B9AA08CB95
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00624540
                                                                                                                                              • ___raise_securityfailure.LIBCMT ref: 00624628
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                              • String ID: xUw
                                                                                                                                              • API String ID: 3761405300-2886643060
                                                                                                                                              • Opcode ID: 31776242d17ac190e9259683032a33c9753ec80bdf55c48aa2a944d57bf8430f
                                                                                                                                              • Instruction ID: 7f549fc0b7781d90637f2987125327ad8f688ba6e817b9b6d17d8a19b175323a
                                                                                                                                              • Opcode Fuzzy Hash: 31776242d17ac190e9259683032a33c9753ec80bdf55c48aa2a944d57bf8430f
                                                                                                                                              • Instruction Fuzzy Hash: 0D21BFB4940B04DEE700DF25F885A543BA6FB18B94F90952AE50DCB3A0E7F869C1CF58
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 006065C9
                                                                                                                                              • ___std_exception_copy.LIBVCRUNTIME ref: 006065FC
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_copy
                                                                                                                                              • String ID: )_
                                                                                                                                              • API String ID: 2659868963-2023640188
                                                                                                                                              • Opcode ID: c540da2e78d60154719a77e3d81f32c7487f61cbaed52f425fb354b7de2d4929
                                                                                                                                              • Instruction ID: d17ac6ca3c51840644502c37b811167b5bb8231faf9230a43271bca89698becd
                                                                                                                                              • Opcode Fuzzy Hash: c540da2e78d60154719a77e3d81f32c7487f61cbaed52f425fb354b7de2d4929
                                                                                                                                              • Instruction Fuzzy Hash: 3C1170B1900708EBCB01CF98C980B86F7F8FF09720F10876AF91497641E774A550CBA1
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00624646
                                                                                                                                              • ___raise_securityfailure.LIBCMT ref: 00624703
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                              • String ID: xUw
                                                                                                                                              • API String ID: 3761405300-2886643060
                                                                                                                                              • Opcode ID: 9abf0205bc7cb60e650506c0ee741f44ec76aa5881610dfdccc88bc1c6e60b18
                                                                                                                                              • Instruction ID: 1aff2811d3a0b43bf5574ede20a0b13e1a894d8e1bd8947b74868df7c86c7a3e
                                                                                                                                              • Opcode Fuzzy Hash: 9abf0205bc7cb60e650506c0ee741f44ec76aa5881610dfdccc88bc1c6e60b18
                                                                                                                                              • Instruction Fuzzy Hash: FF119FB8951A04DEE700DF25E9816443BB5FB18B94B91D52AE80CCB360E7F8A981DF49
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 005F7A5C
                                                                                                                                              • ___std_exception_destroy.LIBVCRUNTIME ref: 005F7A72
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: ___std_exception_destroy
                                                                                                                                              • String ID: )_
                                                                                                                                              • API String ID: 4194217158-2023640188
                                                                                                                                              • Opcode ID: 3806671cb5866f21bda0b1e85669d8f9064d49a8ea333aed485e9ce4ac501cae
                                                                                                                                              • Instruction ID: 7a4e701405d7804aa498de25ed0d693ffbc61a3d5fb2e6977e59796228be5f62
                                                                                                                                              • Opcode Fuzzy Hash: 3806671cb5866f21bda0b1e85669d8f9064d49a8ea333aed485e9ce4ac501cae
                                                                                                                                              • Instruction Fuzzy Hash: B3F0C2B1800704EFC710CF98C90178DFBF8EB05720F00066DE414A3780D7B956148B96
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • GetSystemTimePreciseAsFileTime.KERNEL32(?,00623067,?,?,?,?,006B51DF), ref: 00623645
                                                                                                                                              • GetSystemTimeAsFileTime.KERNEL32(?,9B58D97E,00000000,?,0073E6F2,000000FF,?,00623067,?,?,?,?,006B51DF), ref: 00623649
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: Time$FileSystem$Precise
                                                                                                                                              • String ID: `-_
                                                                                                                                              • API String ID: 743729956-1818756280
                                                                                                                                              • Opcode ID: e88e0803a946476d7b366d982e4fb0a1f6a6f447946cbd7c33c8af2d2a1b90ef
                                                                                                                                              • Instruction ID: f09b3b72833d0920adfce82eb3fe0f327ad4b037c7ba886a3f3be9c3670b18ec
                                                                                                                                              • Opcode Fuzzy Hash: e88e0803a946476d7b366d982e4fb0a1f6a6f447946cbd7c33c8af2d2a1b90ef
                                                                                                                                              • Instruction Fuzzy Hash: 7FF03076944A64FFC7118F54EC01B59B7A9F709F60F008126E91297790DB79A900CF94
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                              APIs
                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(00000016,00000001,006289C2,00000001,00000016,00628BD1,?,?,?,?,?,00000000), ref: 0063B826
                                                                                                                                              Strings
                                                                                                                                              Memory Dump Source
                                                                                                                                              • Source File: 00000007.00000002.3566548311.00000000005F1000.00000040.00000001.01000000.00000005.sdmp, Offset: 005F0000, based on PE: true
                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                              • Snapshot File: hcaresult_7_2_5f0000_RageMP131.jbxd
                                                                                                                                              Similarity
                                                                                                                                              • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                              • String ID: InitializeCriticalSectionEx$`-_
                                                                                                                                              • API String ID: 2593887523-1341092918
                                                                                                                                              • Opcode ID: e13de063d9871fd220711b874c9c33c9d82ef8f3fe29bc76c47dd74779901639
                                                                                                                                              • Instruction ID: 380944a7dd9efea76af54266472f189595b54284a275f67ce15e6871e00bd060
                                                                                                                                              • Opcode Fuzzy Hash: e13de063d9871fd220711b874c9c33c9d82ef8f3fe29bc76c47dd74779901639
                                                                                                                                              • Instruction Fuzzy Hash: E3E09235681218B7CB112F50DC05EAE7F17FB44B70F00C021FA2959161C7B64821ABC9
                                                                                                                                              Uniqueness

                                                                                                                                              Uniqueness Score: -1.00%